I am very new to SSL. Actually, I would say I know nothing about it.

I am using the method "SSL_CTX_new" to create an SSL_CTX object. The method returns null. The documentation says I can check the error stack in order to get the cause for this.

So I have the function "int SSL_get_error(SSL *s,int ret_code)" which (as I understand) I have to use in order to get the error message. The documentation of the method says nothing about the first parameter of the function. It only says that the second ("ret") parameter should be equal to the return code from the failed operation, which can be any of the following:

SSL_connect(), SSL_accept(), SSL_do_handshake(), SSL_read(), SSL_peek(), or SSL_write()

So now I am having two problems. The first is that I didn't use any of those functions but rather use SSL_CTX_new, which doesn't return any kind of return code (it returns a pointer to an SSL_CTX object), so I don't know what to put as the "ret" parameter. The second problem is that I don't know what the first parameter means and what I should put there, because the doc says nothing about it.

+1  A: 

You need a valid context to create the SSL object.

Since you can't create a context you can't use SSL_get_error.

Try using ERR_print_errors to see what's gone wrong:

#include "openssl/err.h"
...

SSL_CTX * ctx = SSL_CTX_new(....);
if(!ctx) {
    ERR_print_errors_fp(stderr);
    //throw or return an error 
}

I just had a read of the SSL docs. If you need to programmatically get the error code / error string, you should use the ERR_get_error and ERR_error_string functions.

Have a look here and here

Glen