OpenSSL: clear error queue after SSL_shutdown

We've seen errors left in the OpenSSL error queue (specifically,
"shutdown while in init"). Adding some logging revealed that the
source was this file.

Since we call SSL_read and SSL_shutdown here, but don't check the return
code for an error, we should clear the OpenSSL error queue in case one
was raised.

This didn't affect curl because we call ERR_clear_error before every
write operation (a0dd9df9ab), but when
libcurl is used in a process with other OpenSSL users, they may detect
an OpenSSL error pushed by libcurl's SSL_shutdown as if it was their
own.

Co-authored-by: Satana de Sant'Ana <satana@skylittlesystem.org>

Closes #11736
John Hawthorn 2023-08-25 11:06:28 -07:00 committed by Daniel Stenberg
parent c2212c05aa
commit 6d44625305
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -1884,6 +1884,9 @@ static void ossl_close(struct Curl_cfilter *cf, struct Curl_easy *data)
(void)SSL_read(backend->handle, buf, (int)sizeof(buf));
(void)SSL_shutdown(backend->handle);
ERR_clear_error();
SSL_set_connect_state(backend->handle);
}
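
Review bot: The ERR_clear_error() call in ossl_close has no comment explaining why it is there, and both calls above it discard their return values with (void), so to a later reader the clear can look redundant and get removed. Suggest a short comment on that line saying that the SSL_read and SSL_shutdown results are deliberately ignored and that the queue is emptied so no stale entry is left behind for whatever reads the OpenSSL error queue next. If the cause of a failed shutdown is ever useful for diagnosis, it would have to be read from the queue before this line, since nothing survives the clear.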