SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN

Matt Caswell matt at
Fri May 3 09:16:22 UTC 2019

On 02/05/2019 18:23, Viktor Dukhovni wrote:
>>> At this point you'd be calling SSL_get_error(), is there a lock that
>>> prevents writes between SSL_read() and SSL_read() and SSL_get_error()?
>> The mutex does not protect SSL_get_error() calls.
> I think that's an application bug.  The SSL_get_error() is using
> the same SSL handle as the SSL_read(), which can be materially
> altered by concurrent writes.  (Matt, if you're still reading this
> thread, do you agree?)
> I would not release the mutex until after the call to SSL_get_error().

An SSL object should not be used in multiple threads at the same time no matter
what the API call. This applies to SSL_get_error() as well. If you are doing
that then that could most definitely cause the behaviour you are seeing.


More information about the openssl-users mailing list