Topic: OpenSSL compatibility and ERR_error_string

Hello I am trying to understand better the OpenSSL compatibility. For example, ERR_error_string maps to CyaSSL_ERR_error_string, which has behavior different from OpenSSL's ERR_error_string. For example OpenSSL's version returns the error string in a static buffer in the case of a NULL pointer but the wolfSSL version does not. To me that doesn't seem compatble but that is what I'm here to figure out, just how compatible it actually is intended to be (not just for this case specifically but in general). If you know of any other compatibility functions that may have similar quirks please let me know so I can investigate. Thanks


Re: OpenSSL compatibility and ERR_error_string

Hi Ray,

Our compatibility layer has been designed to make it easier to port OpenSSL-based applications over to wolfSSL, but given that we map them to our internal wolfSSL API, not all functionality may be exactly the same.  Instead of returning a pointer to a static buffer, wolfSSL's ERR_error_string() will return a pointer to a static constant string "Please supply a buffer for error string".

We don't have a complete list of compatibility gaps, but will help answer your questions if you encounter them in your porting effort.  Our OpenSSL compatibility layer also only contains about 10% of the function in OpenSSL, and is a "work in progress" as we do more ports into existing OpenSSL-based applications.

Our preference, and recommendation for new applications is to use the native wolfSSL API.