]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9ada832)
Add explicit error queue instructions in d2i_X509(3) and SSL_get_error(3)
authorRichard Levitte <levitte@openssl.org>
Thu, 14 Aug 2025 12:44:40 +0000 (14:44 +0200)
committerTomas Mraz <tomas@openssl.org>
Wed, 31 Dec 2025 11:28:07 +0000 (12:28 +0100)
Co-authored-by: Tomáš Mráz <tm@t8m.info>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28264)

doc/man3/SSL_get_error.pod patch | blob | blame | history
doc/man3/d2i_X509.pod patch | blob | blame | history

diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod
index a599a9eee68e9c02276abbab3bfb0cac934855f9..db750cc37fad55ae3d131cddcbae073cb26c2794 100644 (file)
--- a/doc/man3/SSL_get_error.pod
+++ b/doc/man3/SSL_get_error.pod
@@ -23,7 +23,8 @@ current thread's OpenSSL error queue.  Thus, SSL_get_error() must be
 used in the same thread that performed the TLS/SSL I/O operation, and no
 other OpenSSL function calls should appear in between.  The current
 thread's error queue must be empty before the TLS/SSL I/O operation is
-attempted, or SSL_get_error() will not work reliably.
+attempted, or SSL_get_error() will not work reliably.  Emptying the
+current thread's error queue is done with L<ERR_clear_error(3)>.
 
 =head1 NOTES
 
@@ -181,9 +182,13 @@ connection and SSL_shutdown() must not be called.
 
 =back
 
+The OpenSSL error queue can be inspected with the B<ERR> family of functions,
+such as L<ERR_print_errors(3)> and L<ERR_peek_last_error_all(3)>.
+
 =head1 SEE ALSO
 
-L<ssl(7)>
+L<ssl(7)>,
+L<ERR_clear_error(3)>, ERR_print_errors(3), ERR_peek_last_error_all(3)
 
 =head1 HISTORY
 
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index 8e04c2286c575f478d6c7324bf881e952abf975b..41e76ae8379b065bd54188687052417c85d13598 100644 (file)
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -592,6 +592,10 @@ B<i2d_I<TYPE>_bio>() and B<i2d_I<TYPE>_fp>(),
 as well as i2d_ASN1_bio_stream(),
 return 1 for success and 0 if an error occurs.
 
+On error, these functions may record the error in the OpenSSL error queue.
+That error queue can be inspected with the B<ERR> family of functions, such as
+L<ERR_print_errors(3)> and L<ERR_peek_last_error_all(3)>.
+
 =head1 EXAMPLES
 
 Allocate and encode the DER encoding of an X509 structure:
@@ -704,6 +708,10 @@ structure has been modified after deserialization or previous
 serialization. This is because some objects cache the encoding for
 efficiency reasons.
 
+=head1 SEE ALSO
+
+ERR_print_errors(3), ERR_peek_last_error_all(3)
+
 =head1 HISTORY
 
 d2i_OSSL_ATTRIBUTES_SYNTAX(), d2i_OSSL_BASIC_ATTR_CONSTRAINTS(),
Mirror of https://github.com/openssl/openssl.git