On 24/02/2020 03:49, Mahendra SP wrote: > Hi Matt, > > Thank you for the inputs. > I have one more query. Is it appropriate to check for the errno in this > case and take action based on the errno values ? No, errno should not be checked unless SSL_get_error returns SSL_ERROR_SYSCALL. Matt > > Thanks > Mahendra > > On Wed, Feb 19, 2020 at 3:09 PM Matt Caswell <matt@xxxxxxxxxxx > <mailto:matt@xxxxxxxxxxx>> wrote: > > > > On 19/02/2020 05:16, Mahendra SP wrote: > > Hi All, > > > > We are using Openssl version 1.0.2h. When we call SSL_do_handshake, > > sometimes we notice that handshake fails with error SSL_ERROR_SSL. > > As per the documentation for this error, it is non recoverable and > fatal > > error. Documentation also mentions to check the error queue for > further > > details. Does it mean, calling SSL_get_error after SSL_ERROR_SSL will > > give exact reason for this failure? > > OpenSSL has its own error stack. SSL_ERROR_SSL means that you should > look at that error stack for further details about what caused the > problem. For example you can use ERR_print_errors_fp() to print all the > error descriptions to stdout/stderr: > > https://www.openssl.org/docs/man1.1.1/man3/ERR_print_errors_fp.html > > You can get more fine grained control of the error stack using the > various ERR_* functions available. See: > > https://www.openssl.org/docs/man1.1.1/man3/ > > Matt >
