How to manage the error queue in openssl (SSL_get_error and ERR_get_error)

Question

In OpenSSl, The man pages for The majority of SSL_* calls indicate an error by returning a value <= 0 and suggest calling SSL_get_error() to get the extended error.

B

Answer 1

• SSL_get_error does not call ERR_get_error. So if you just call SSL_get_error, the error stays in the queue.
• You should be calling ERR_clear_error prior to ANY SSL-call(SSL_read, SSL_write etc) that is followed by SSL_get_error, otherwise you may be reading an old error that occurred previously in the current thread.