You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Created by mfriedrich on 2016-07-05 13:24:41 +00:00
Assignee: mfriedrich
Status: Resolved (closed on 2016-07-05 13:45:07 +00:00)
Target Version: 2.5.0
Last Update: 2016-07-05 13:45:07 +00:00 (in Redmine)
Icinga Version: 2.4.10
Backport?: Not yet backported
Include in Changelog: 1
The error queue is stored internally by OpenSSL on a stack reserved for each thread.
Our current code does check for the returned error code first and then call the SSL_*_error() functions. So we are safe that the triggered error also contains the most recent error message from the error queue. Though SSL_get_error() only provides a copy of the first queue element, but does not delete it later on. Same goes for ERR_peek_error().
The SSL documentation enforces a usage of ERR_clear_error() in order to make SS_*_error() work reliably. One thing which could occur - many SSL errors could result into lots of error messages in the OpenSSL error queue turning into a (small) memory leak.
This issue has been migrated from Redmine: https://dev.icinga.com/issues/12100
Created by mfriedrich on 2016-07-05 13:24:41 +00:00
Assignee: mfriedrich
Status: Resolved (closed on 2016-07-05 13:45:07 +00:00)
Target Version: 2.5.0
Last Update: 2016-07-05 13:45:07 +00:00 (in Redmine)
The error queue is stored internally by OpenSSL on a stack reserved for each thread.
Our current code does check for the returned error code first and then call the SSL_*_error() functions. So we are safe that the triggered error also contains the most recent error message from the error queue. Though SSL_get_error() only provides a copy of the first queue element, but does not delete it later on. Same goes for ERR_peek_error().
The SSL documentation enforces a usage of ERR_clear_error() in order to make SS_*_error() work reliably. One thing which could occur - many SSL errors could result into lots of error messages in the OpenSSL error queue turning into a (small) memory leak.
Resources:
https://www.postgresql.org/message-id/20150224030956.2529.83279@wrigleys.postgresql.org
http://stackoverflow.com/questions/18179128/how-to-manage-the-error-queue-in-openssl-ssl-get-error-and-err-get-error
Changesets
2016-07-05 13:25:02 +00:00 by mfriedrich 9b873d6
2016-08-03 13:43:01 +00:00 by mfriedrich ca73432
Relations:
The text was updated successfully, but these errors were encountered: