I'm using ssl (openssl-0.9.7m) as part of AXIS C++. I just spent a week trying to figure out why I couldn't use https (via openssl) to connect on only some of our systems.

After rebuilding our copy of OpenSSL for debug and trapping through it, I found that ssleay_rand_bytes() was setting the RAND_R_PRNG_NOT_SEEDED error, then ssleay_rand_pseudo_bytes() (which called ssleay_rand_bytes()) was clearing it off the error stack, and all I was getting on my SSL_connect() was a return code of -1 and an error string of "00000000:lib(0):func(0):reason(0)".

It would really be nice if we could get the right error. What am I missing here?

The code basically does:

    int ret = SSL_connect( m_sslHandle);
    // 1 is fine
    // 0 is "not successful but was shut down controlled"
    // <0 is "handshake was not successful, because a fatal error occurred"
    if( ret <= 0)
    {
        ...
        switch( ret)
        {
        case SSL_ERROR_NONE:        // this is not an error
        case SSL_ERROR_ZERO_RETURN: // no more data
            return;
        ...
        case SSL_ERROR_SSL:
            // A failure in the SSL library occurred, usually a protocol error. The
            // OpenSSL error queue contains more information on the error.
        default:
            // openssl/ssl.h says "look at error stack/return value/errno"
            {
                // A failure in the SSL library occurred, usually a protocol error. The
                // OpenSSL error queue contains more information on the error.
                m_LastError = "OpenSSL error is " + std::string(ret) + "Error stack:\n";
                while ((sslerror = ERR_get_error()) != 0)
                {
                    ERR_error_string(sslerror , error_buffer);
                    m_LastError += std::string(error_buffer) + "\n";
                }
            }
        }
    }

Thanks for the help.
Wayne Johnson Senior Software Engineer MQSoftware, Inc. 1660 S Highway 100 Minneapolis, MN 55416 (952) 345-8628
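
Added example, not part of the original post or of OpenSSL: a self-contained C++ sketch of a failure report that decodes packed error codes using the 8/12/12-bit layout of OpenSSL 0.9.x through 1.1.x and says so explicitly when the queue is empty or the PRNG was unseeded. The names unpackError, formatError and describeFailure are hypothetical; in real code the inputs would come from SSL_get_error(ssl, ret) (the documented source of the SSL_ERROR_* values), from ERR_get_error(), and from a RAND_status() call made before SSL_connect().

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Field layout of a packed error code in OpenSSL 0.9.x through 1.1.x:
// 8 bits library, 12 bits function, 12 bits reason.
struct ErrParts { unsigned lib, func, reason; };

ErrParts unpackError(unsigned long code) {
    ErrParts p;
    p.lib    = (unsigned)((code >> 24) & 0xFF);
    p.func   = (unsigned)((code >> 12) & 0xFFF);
    p.reason = (unsigned)(code & 0xFFF);
    return p;
}

// Same shape ERR_error_string() produces when no error strings are loaded.
std::string formatError(unsigned long code) {
    ErrParts p = unpackError(code);
    char buf[96];
    std::snprintf(buf, sizeof buf, "error:%08lX:lib(%u):func(%u):reason(%u)",
                  code, p.lib, p.func, p.reason);
    return std::string(buf);
}

// sslError:   what SSL_get_error(ssl, ret) returned (assumed caller input)
// queue:      codes drained with ERR_get_error() until it returned 0
// prngSeeded: RAND_status() result sampled before SSL_connect()
std::string describeFailure(int ret, int sslError,
                            const std::vector<unsigned long>& queue,
                            bool prngSeeded) {
    char head[80];
    std::snprintf(head, sizeof head, "SSL_connect=%d SSL_get_error=%d\n", ret, sslError);
    std::string msg(head);
    if (!prngSeeded)
        msg += "RAND_status() was 0: PRNG not seeded\n";
    if (queue.empty())
        msg += "error queue empty: the cause was never queued or was cleared\n";
    for (size_t i = 0; i < queue.size(); ++i)
        msg += formatError(queue[i]) + "\n";
    return msg;
}

int main() {
    std::vector<unsigned long> queue;   // constructed: empty queue, as in the post
    std::fputs(describeFailure(-1, 1, queue, false).c_str(), stdout); // 1 = SSL_ERROR_SSL
    queue.push_back(0x24064064UL);      // constructed: RAND library, PRNG not seeded
    std::fputs(describeFailure(-1, 1, queue, false).c_str(), stdout);
    return 0;
}
```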