Wietse Venema wrote:
> Victor Duchovni:
>   
>> When a user requests SSL protocol debug logging from Postfix, we use
>> essentially boilerplate code from SSL_CTX_set_info_callback(3):
>>     
>
> And then they see so much crap that it freaks them out, and not
> just the buffer-empty conditions.
>
> It's like when people installed tcp wrapper. For the first time
> they looked at their logfiles, saw all kinds of unrelated errors,
> freaked out and blamed me for it.
>
>   
>>      } else if (where & SSL_CB_EXIT) {
>>          if (ret == 0)
>>              msg_info("%s:failed in %s",
>>                       str, SSL_state_string_long((SSL *) s));
>>          else if (ret < 0) {
>>              switch(SSL_get_error((SSL *)s, ret)) {
>>              case SSL_ERROR_WANT_READ:
>>              case SSL_ERROR_WANT_WRITE:
>>     
>
> "get" operations that make VISIBLE changes to the SSL handle would
> be exceptionally poor engineering.
>   
SSL_get_error() does not make changes to any states. It just queries
several state flags and error queues but does not touch anything.

Best regards,
    Lutz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
