From a0dd9df9ab35528eb9eb669e741a5df4b1fb833c Mon Sep 17 00:00:00 2001 From: Constantine Sapuntzakis Date: Sat, 5 Jun 2010 23:41:58 +0200 Subject: OpenSSL: fix spurious SSL connection aborts Was seeing spurious SSL connection aborts using libcurl and OpenSSL. I tracked it down to uncleared error state on the OpenSSL error stack - patch attached deals with that. Rough idea of problem: Code that uses libcurl calls some library that uses OpenSSL but don't clear the OpenSSL error stack after an error. ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from the OS. Returns -1 to indicate an error ssluse.c calls SSL_get_error. First thing, SSL_get_error calls ERR_get_error to check the OpenSSL error stack, finds an old error and returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. ssluse.c returns an error and aborts the connection Solution: Clear the openssl error stack before calling SSL_* operation if we're going to call SSL_get_error afterwards. Notes: This is much more likely to happen with multi because it's easier to intersperse other calls to the OpenSSL library in the same thread. --- CHANGES | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index 4379303ad..6ea7c7c7b 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,11 @@ Changelog +Daniel Stenberg (5 June 2010) +- Constantine Sapuntzakis fixed a case of spurious SSL connection aborts using + libcurl and OpenSSL. "I tracked it down to uncleared error state on the + OpenSSL error stack - patch attached deals with that." + Daniel Stenberg (5 June 2010) - Frank Meier added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT to curl_easy_getinfo(). -- cgit v1.2.3