Talk:Libcrypto API

From OpenSSLWiki
Revision as of 22:16, 3 March 2013 by Matt (talk | contribs) (Best practices for printing errors)

Jump to: navigation, search

Initialization and engines?

Should the recommended initialization code include a call to ENGINE_load_builtin_engines? (Or to OPENSSL_config, which calls ENGINE_load_builtin_engines.) Otherwise, the RdRand engine for getting better random numbers from newer Intel chips (as one example) won't be used.

(My own thoughts on OpenSSL initialization are here.)

--Ppelleti 18:05, 3 March 2013 (UTC)

Hmmm - I've not come across this as a recommendation before. What is the original source for your recommendation?

--Matt 22:15, 3 March 2013 (UTC)

Best practices for printing errors

I'm curious about the recommendation to do this:

 err:
   unsigned long errCode;
   while(errCode = ERR_get_error())
   {
     char *err = ERR_error_string(errCode, NULL);
     printf("%s\n", err);
   }

Wouldn't it be much simpler to just do:

 err:
  ERR_print_errors_fp(stderr);

Or, if one really does want to iterate through each line of the error queue individually, wouldn't it still be better for us to recommend using ERR_error_string_n with an explicit buffer? ERR_error_string with a NULL argument is not thread-safe.

--Ppelleti 18:12, 3 March 2013 (UTC)

Either way does the trick, but I agree yours is simpler. I'll change it.,

--Matt 22:16, 3 March 2013 (UTC)