OpenSSL: fix spurious SSL connection aborts

Was seeing spurious SSL connection aborts using libcurl and OpenSSL. I tracked it down to uncleared error state on the OpenSSL error stack - patch attached deals with that. Rough idea of problem: Code that uses libcurl calls some library that uses OpenSSL but don't clear the OpenSSL error stack after an error. ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from the OS. Returns -1 to indicate an error ssluse.c calls SSL_get_error. First thing, SSL_get_error calls ERR_get_error to check the OpenSSL error stack, finds an old error and returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. ssluse.c returns an error and aborts the connection Solution: Clear the openssl error stack before calling SSL_* operation if we're going to call SSL_get_error afterwards. Notes: This is much more likely to happen with multi because it's easier to intersperse other calls to the OpenSSL library in the same thread.
2010-06-05 23:41:58 +02:00
parent 4724b9d966
commit a0dd9df9ab
3 changed files with 16 additions and 1 deletions
--- a/5
+++ b/5
@@ -6,6 +6,11 @@

                                  Changelog

+Daniel Stenberg (5 June 2010)
+- Constantine Sapuntzakis fixed a case of spurious SSL connection aborts using
+  libcurl and OpenSSL. "I tracked it down to uncleared error state on the
+  OpenSSL error stack - patch attached deals with that."
+
 Daniel Stenberg (5 June 2010)
 - Frank Meier added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and
  CURLINFO_LOCAL_PORT to curl_easy_getinfo().