I'm using OpenSSL 0.9.8i, and have noticed the following scenario:

- Some OpenSSL crypto function returns with an error, leaving a description of the error on the error queue

- The application neglects to call ERR_clear_error()

- SSL_read() is then called on a non-blocking socket and returns because there's no input available

- Calling SSL_get_error() returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ, because the error queue is not empty.

Would it be possible to modify the code so that blocking socket takes 
precedence over the error queue?
If not, what is the recommended programming practice with non-blocking sockets?

- ensure that everybody calls ERR_clear_error() after an error

- call ERR_clear_error() before SSL read/write (but if that's recommended, why isn't it inside SSL_read/SSL_write?)

Thanks,
Uri
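
The scenario in the post above, as an added example that is not part of the original message and is not OpenSSL source: a simplified C model of the decision order the post describes, where a non-empty error queue is consulted before the want-read state. All `model_*` names, the `MODEL_ERROR_*` values and the error code are hypothetical stand-ins constructed for illustration.

```c
#include <stddef.h>

/* Simplified model only; these are not OpenSSL's own constants. */
enum { MODEL_ERROR_NONE, MODEL_ERROR_SSL, MODEL_ERROR_WANT_READ, MODEL_ERROR_SYSCALL };

#define QUEUE_MAX 16
static unsigned long queue[QUEUE_MAX];  /* stands in for the error queue */
static size_t queue_len;

static void model_put_error(unsigned long code) {
    if (queue_len < QUEUE_MAX) queue[queue_len++] = code;
}
static void model_clear_error(void) { queue_len = 0; }
static unsigned long model_peek_error(void) { return queue_len ? queue[0] : 0; }

struct model_ssl { int want_read; };

/* Non-blocking read with no input available: fails with -1, flags
 * want-read, and leaves the error queue exactly as it found it. */
static int model_read(struct model_ssl *s) { s->want_read = 1; return -1; }

/* Decision order from the post: the queue is checked before want-read,
 * so any leftover entry turns a harmless retry into a fatal-looking error. */
static int model_get_error(const struct model_ssl *s, int ret) {
    if (ret > 0) return MODEL_ERROR_NONE;
    if (model_peek_error() != 0) return MODEL_ERROR_SSL;
    if (ret < 0 && s->want_read) return MODEL_ERROR_WANT_READ;
    return MODEL_ERROR_SYSCALL;
}

/* An earlier crypto call failed and nobody cleared the queue. */
int read_without_clear(void) {
    struct model_ssl s = {0};
    model_clear_error();
    model_put_error(0x1UL);            /* constructed stale error */
    return model_get_error(&s, model_read(&s));
}

/* Same stale error, but the caller clears the queue right before the read. */
int read_with_clear(void) {
    struct model_ssl s = {0};
    model_clear_error();
    model_put_error(0x1UL);            /* constructed stale error */
    model_clear_error();               /* the "clear before read/write" option */
    return model_get_error(&s, model_read(&s));
}
```
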
