Re: SSL_GET_SERVER_CERT_INDEX:internal error

> On Dec 20, 2018, at 6:43 PM, Jeremy Harris <jgh@xxxxxxxxxxx> wrote:
> 
> Thanks for the hint. You are correct, and a clear before that set
> of crypto operations gets me a far more reasonable message.

Makes sense.

> The error seems to be left around after SSL_accept(), and yet
> it does not appear in my SNI callback.  Worse, my verify callback
> (which I was expecting to appear) does not seem to be being called.
> Yet the SSL_accept() succeeded.
> 
> Any ideas on that?

You provide much too little detail.  This particular "error"
happens when a TLS 1.2 ciphersuite does not correspond to any
public key type for which OpenSSL might have a certificate.

Perhaps another ciphersuite is then selected, as OpenSSL is trying
to find one that works?  Not all "errors" are actual problems, some
are resolved by taking an alternative code path.

Before beginning a new high-level operation in the SSL library it
is good to (at least periodically) clear the error stack.  Like
"errno" it is not cleared on function entry, and persists until
simply cleared or iteratively consumed for reporting.

-- 
	Viktor.
