> On 13 Apr 2023, at 18:42, Daniel Gustafsson <daniel@yesql.se> wrote:
> Regarding the thread; I hope to have a suggestion for a way forward regarding
> the open issue later tonight.
After reading OpenSSL code and documentation, I think the simplest solution is
to explicitly check for X509 errors when OpenSSL reports SSL_ERROR_SYSCALL.
It's not documented why this particular errorcode is used, but AFAICT it's
because while it is a cert verification failure, the cause of it is an IO error
in reading a non-existing file or directory.
The attached diff passes the tests on OpenSSL 1.0.1 through 3.1 as well as on
LibreSSL. Thoughts?
--
Daniel Gustafsson