[dev.icinga.com #12100] Ensure to clear the SSL error queue before calling SSL_{read,write,do_handshake} #4345
Comments
Updated by mfriedrich on 2016-07-05 13:45:07 +00:00
Applied in changeset 9b873d6.
Updated by mfriedrich on 2016-07-08 14:25:03 +00:00
Updated by mfriedrich on 2016-07-14 08:34:07 +00:00
Updated by mfriedrich on 2016-08-04 08:15:23 +00:00
This issue has been migrated from Redmine: https://dev.icinga.com/issues/12100
Created by mfriedrich on 2016-07-05 13:24:41 +00:00
Assignee: mfriedrich
Status: Resolved (closed on 2016-07-05 13:45:07 +00:00)
Target Version: 2.5.0
Last Update: 2016-07-05 13:45:07 +00:00 (in Redmine)
The error queue is stored internally by OpenSSL on a stack reserved for each thread.
Our current code checks the returned error code first and then calls the SSL_*_error() functions. So we are safe that the triggered error also contains the most recent error message from the error queue. However, SSL_get_error() only provides a copy of the first queue element and does not delete it later on. The same goes for ERR_peek_error().
The SSL documentation enforces the use of ERR_clear_error() in order to make SSL_*_error() work reliably. One thing which could occur: many SSL errors could result in lots of error messages in the OpenSSL error queue, turning into a (small) memory leak.
Resources:
https://www.postgresql.org/message-id/20150224030956.2529.83279@wrigleys.postgresql.org
http://stackoverflow.com/questions/18179128/how-to-manage-the-error-queue-in-openssl-ssl-get-error-and-err-get-error
Changesets
2016-07-05 13:25:02 +00:00 by mfriedrich 9b873d6
2016-08-03 13:43:01 +00:00 by mfriedrich ca73432
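The ordering problem described in this issue, as an added example that is not Icinga 2 or OpenSSL code: a simplified C model of a per-thread error queue and a classifier that, like SSL_get_error(), peeks at that queue after a failed I/O call. All `model_*` and `read_*` names and the error value are hypothetical, and the I/O step is constructed.

```c
#include <stdio.h>
/* Simplified model of a per-thread error queue; not OpenSSL code. */
#define QUEUE_MAX 16
static _Thread_local unsigned long queue[QUEUE_MAX];
static _Thread_local size_t queue_len;

/* A failing library call records an error (constructed code value). */
void model_fail_earlier_call(void) {
    if (queue_len < QUEUE_MAX) queue[queue_len++] = 0x1234UL;
}
/* Like ERR_peek_error(): returns the first entry and leaves it queued. */
static unsigned long model_peek_error(void) { return queue_len ? queue[0] : 0; }
/* Like ERR_clear_error(): empties the queue. */
void model_clear_error(void) { queue_len = 0; }
size_t model_queue_depth(void) { return queue_len; }

enum model_result { MODEL_NONE, MODEL_WANT_READ, MODEL_FATAL };
/* Classifier in the style of SSL_get_error(): after a failed I/O call it
 * peeks at the queue, so any entry, even a stale one, reads as fatal. */
static enum model_result model_get_error(int ret, int would_block) {
    if (ret > 0) return MODEL_NONE;
    if (model_peek_error() != 0) return MODEL_FATAL;
    return would_block ? MODEL_WANT_READ : MODEL_FATAL;
}

/* Constructed I/O step: no data yet, so the read returns -1 and would block.
 * It queues nothing, because waiting for data is not an error. */
static int model_read_no_data(int *would_block) { *would_block = 1; return -1; }

/* Call, then classify, without clearing the queue first. */
enum model_result read_unguarded(void) {
    int would_block, ret = model_read_no_data(&would_block);
    return model_get_error(ret, would_block);
}

/* Ordering from the issue title: clear the queue, call, classify. */
enum model_result read_guarded(void) {
    model_clear_error();
    int would_block, ret = model_read_no_data(&would_block);
    return model_get_error(ret, would_block);
}

int main(void) {
    model_fail_earlier_call();  /* stale entry from unrelated work */
    enum model_result before = read_unguarded(), after = read_guarded();
    printf("unguarded=%d guarded=%d depth=%zu\n", (int)before, (int)after, model_queue_depth());
    return 0;
}
```

In the unguarded path the stale entry also stays queued after classification, which is how entries accumulate when nothing drains them.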