On 02/05/2019 18:23, Viktor Dukhovni wrote: >>> At this point you'd be calling SSL_get_error(), is there a lock that >>> prevents writes between SSL_read() and SSL_read() and SSL_get_error()? >> >> The mutex does not protect SSL_get_error() calls. > > I think that's an application bug. The SSL_get_error() is using > the same SSL handle as the SSL_read(), which can be materially > altered by concurrent writes. (Matt, if you're still reading this > thread, do you agree?) > > I would not release the mutex until after the call to SSL_get_error(). An SSL object should not be used in multiple threads at the same time no matter what the API call. This applies to SSL_get_error() as well. If you are doing that then that could most definitely cause the behaviour you are seeing. Matt