Wietse Venema wrote: > Victor Duchovni: > >> When a user requests SSL protocol debug logging from Postfix, we use >> essentially boilerplate code from SSL_CTX_set_info_callback(3): >> > > And then they see so much crap that it freaks them out, and not > just the buffer-empty conditions. > > It's like when people installed tcp wrapper. For the first time > they looked at their logfiles, saw all kinds of unrelated errors, > freaked out and blamed me for it. > > >> } else if (where & SSL_CB_EXIT) { >> if (ret == 0) >> msg_info("%s:failed in %s", >> str, SSL_state_string_long((SSL *) s)); >> else if (ret < 0) { >> switch(SSL_get_error((SSL *)s, ret)) { >> case SSL_ERROR_WANT_READ: >> case SSL_ERROR_WANT_WRITE: >> > > "get" operations that make VISIBLE changes to the SSL handle would > be exceptionally poor engineering. > SSL_get_error() does not make changes to any states. It just queries several state flags and error queues but does not touch anything.
Best regards, Lutz ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]