Patrick, I believe the "sane state" implied here is that if you call SSL_get_error() some of the time and not all of the time, you may be getting information about errors that happened any time in the past for that SSL*. It won't necessarily prevent OpenSSL from working correctly, just your perception of it.
First, a little background. Looking at SSL_get_error() in ssl_lib.c and get_error_values() in err.c - which are the main functions for retrieving error information - if no errors exist, these functions just exist gracefully. So, it never hurts to call immediately after each SSL_read() or SSL_write() or other SSL function. For people new to OpenSSL, I really recommend looking at the s_client.c and s_server.c in the apps source folder. These provide a good foundation for writing code with OpenSSL. Second, I do not believe you are not obligated to use SSL_get_error(), if you don't want to. I don't necessarily recommend it, but for simple and shortlived programs, this is an option. In my experience, it's more a case of apparent memory leakage caused by the error stack, not an instability. On Fri, Feb 12, 2010 at 6:11 PM, Patrick M. Rutkowski <rutsk...@gmail.com> wrote: > As an OpenSSL newbie, I'm trouble that the man pages for SSL_write() > and SSL_read() don't stress that you should clear the error stack upon > a failed call. They suggest you check SSL_get_error(), but they make > no mention of clearing the error stack afterward, and I hear that > clearing the error stack _every time_ is absolutely curtail to keeping > OpenSSL in a sane state. > > Is it really the case that the error stack needs to be cleared, and > the read/write docs just don't mention it? > > Or is it the case that the read/write docs don't mention it precisely > because it's not important? > > -Patrick > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > -- John L Veazey ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
