[openssl-users] SSL_accept error code

Matt Caswell matt at openssl.org
Tue Mar 8 09:29:12 UTC 2016



On 08/03/16 01:04, Yan, Bob wrote:
> Hi All,
> 
> I have a SSL server application which use SSL_accept to accept the
> connections from client, see the code below:
> 
> int retcode = SSL_accept(mSsl);
> unsigned long error =  SSL_get_error(mSsl, retcode);
> ERR_error_string_n(error, errmsg, sizeof(errmsg));
> 
> When something went wrong, for example Client connect server with
> ssl3 protocol (disabled), I get the error like this
> "error:00000001:lib(0):func(0):reason(1)". Could somebody tell me
> that is there any way to have more detailed debug messages from
> openssl?

You're not doing it right.

SSL_get_error() will give a return code to tell you the type of error
that was received, e.g. SSL_ERROR_WANT_READ, SSL_ERROR_SYSCALL,
SSL_ERROR_SSL, etc.

If error == SSL_ERROR_SSL then you can inspect the OpenSSL error queue
for more details. You *do not* pass SSL_ERROR_SSL to ERR_error_string_n!
Use a function such as ERR_print_errors(), ERR_print_errors_fp(),
ERR_get_error() etc See the man pages for those functions.

Matt


More information about the openssl-users mailing list