diff options
| author | Constantine Sapuntzakis <csapuntz@gmail.com> | 2010-06-05 23:41:58 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2010-06-05 23:41:58 +0200 |
| commit | a0dd9df9ab35528eb9eb669e741a5df4b1fb833c (patch) | |
| tree | cca73863d2c3c0115bc6911db7634bfbd0bd93c0 /CHANGES | |
| parent | 4724b9d966e0785a875018a33861076501a83929 (diff) | |
OpenSSL: fix spurious SSL connection aborts
Was seeing spurious SSL connection aborts using libcurl and
OpenSSL. I tracked it down to uncleared error state on the
OpenSSL error stack - patch attached deals with that.
Rough idea of problem:
Code that uses libcurl calls some library that uses OpenSSL but
don't clear the OpenSSL error stack after an error.
ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from
the OS. Returns -1 to indicate an error
ssluse.c calls SSL_get_error. First thing, SSL_get_error calls
ERR_get_error to check the OpenSSL error stack, finds an old
error and returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE.
ssluse.c returns an error and aborts the connection
Solution:
Clear the openssl error stack before calling SSL_* operation if
we're going to call SSL_get_error afterwards.
Notes:
This is much more likely to happen with multi because it's easier
to intersperse other calls to the OpenSSL library in the same
thread.
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -7,6 +7,11 @@ Changelog Daniel Stenberg (5 June 2010) +- Constantine Sapuntzakis fixed a case of spurious SSL connection aborts using + libcurl and OpenSSL. "I tracked it down to uncleared error state on the + OpenSSL error stack - patch attached deals with that." + +Daniel Stenberg (5 June 2010) - Frank Meier added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT to curl_easy_getinfo(). |