> Is the following reasonable to do on a call to SSL_read()? Will it
> return the propper error string?
> if( ( nReturnVal = SSL_read( con, cReadBuffer, READ_BUFFER_SIZE ) ) < 1 ) {
> unsigned long nErrorVal = SSL_get_error( con, nReturnVal );
> char *cErrorString = ERR_error_string( nErrorVal, NULL );
> printf( "%s", cErrorString );
> }
No. SSL_get_error has (almost) nothing to do with the
ERR_... functions. The ERR_... API allows you to look at the OpenSSL
error queue, which can hold a number of error codes that can be
translated by ERR_error_string (and there are lots of such error
codes, you never can expect to know all of them because future library
versions will add new ones). SSL_get_error, however, is roughly a
generalization of read/write return values, and it has only eight
different values, which can be handled in a switch() statement.
There was a thread here recently about those error codes in
openssl-dev; see the mailing list archives (links at www.openssl.org).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]