[openssl-users] When to call ERR_clear_error() ?
pratyush parimal
pratyush.parimal at gmail.com
Thu Jun 28 15:41:24 UTC 2018
Hi all,
I have a multi-threaded SSL server application which uses
SSL_write()/SSL_read() calls.
In my write-loop, whenever SSL_write() returns <= 0, I call
SSL_get_error() to see what happened, and then proceed based on what I
find. After that, I call ERR_clear_error() because I think I need to
clear the error queue for the current thread.
Is calling ERR_clear_error() the right thing to do? The manpage for
SSL_get_error() says:
" ... SSL_get_error() inspects the current thread's OpenSSL error
queue. Thus, SSL_get_error() must be used in the same thread that
performed the TLS/SSL I/O operation, and no other OpenSSL function
calls should appear in between. The current thread's error queue must
be empty before the TLS/SSL I/O operation is attempted, or
SSL_get_error() will not work reliably."
My reason for calling ERR_clear_error() is to make sure that " ...
current thread's error queue must be empty before the TLS/SSL I/O
operation is attempted ...". My application is multi-threaded and I
don't want SSL errors from one thread to cause with other threads.
What can happen if I don't call ERR_clear_error() ? Could someone
explain the correct/reasonable places I should be using that function?
Thanks,
Pratyush
More information about the openssl-users
mailing list