diff options
| author | Constantine Sapuntzakis <csapuntz@gmail.com> | 2010-06-05 23:41:58 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2010-06-05 23:41:58 +0200 |
| commit | a0dd9df9ab35528eb9eb669e741a5df4b1fb833c (patch) | |
| tree | cca73863d2c3c0115bc6911db7634bfbd0bd93c0 /lib/hostip.h | |
| parent | 4724b9d966e0785a875018a33861076501a83929 (diff) | |
OpenSSL: fix spurious SSL connection aborts
Was seeing spurious SSL connection aborts using libcurl and
OpenSSL. I tracked it down to uncleared error state on the
OpenSSL error stack - patch attached deals with that.
Rough idea of problem:
Code that uses libcurl calls some library that uses OpenSSL but
don't clear the OpenSSL error stack after an error.
ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from
the OS. Returns -1 to indicate an error
ssluse.c calls SSL_get_error. First thing, SSL_get_error calls
ERR_get_error to check the OpenSSL error stack, finds an old
error and returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE.
ssluse.c returns an error and aborts the connection
Solution:
Clear the openssl error stack before calling SSL_* operation if
we're going to call SSL_get_error afterwards.
Notes:
This is much more likely to happen with multi because it's easier
to intersperse other calls to the OpenSSL library in the same
thread.
Diffstat (limited to 'lib/hostip.h')
0 files changed, 0 insertions, 0 deletions