curl-library

[PATCH] Avoid stale OpenSSL error state tripping up SSL connections

From: Constantine Sapuntzakis <csapuntz_at_gmail.com>
Date: Fri, 4 Jun 2010 15:06:20 -0700

Was seeing spurious SSL connection aborts using libcurl and OpenSSL. I
tracked it down to uncleared error state on the OpenSSL error stack -
patch attached deals with that.

Rough idea of problem:
  * Code that uses libcurl calls some library that uses OpenSSL but
doesn't clear the OpenSSL error stack after an error.

  * ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from
the OS. Returns -1 to indicate an error.

  * ssluse.c calls SSL_get_error. First thing, SSL_get_error calls
ERR_get_error to check the OpenSSL error stack, finds an old error and
returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE.

  * ssluse.c returns an error and aborts the connection.

Solution:
  * Clear the OpenSSL error stack before calling an SSL_* operation if
we're going to call SSL_get_error afterwards.

Notes:
  * This is much more likely to happen with multi because it's easier
to intersperse other calls to the OpenSSL library in the same thread.

-Costa


Received on 2010-06-05
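
Added example, not part of the original mail and not libcurl or OpenSSL code: a simplified C model of the sequence the mail describes, showing a leftover queue entry turning a would-block read into a fatal error, and the clear-before-call fix. The `model_*` names, the `demo_*` helpers and the queued value `0x1234` are hypothetical stand-ins for the OpenSSL error stack, `SSL_read`, `SSL_get_error` and `ERR_clear_error`.

```c
/* Simplified model of the sequence in the mail; NOT OpenSSL code.
 * All model_* names and the queued value are hypothetical/constructed. */
#include <stddef.h>

enum { MODEL_ERROR_NONE, MODEL_ERROR_SSL, MODEL_ERROR_WANT_READ };

#define QUEUE_MAX 16
static unsigned long err_queue[QUEUE_MAX]; /* stands in for the error stack */
static size_t err_count;

static void model_err_put(unsigned long code) {
    if (err_count < QUEUE_MAX) err_queue[err_count++] = code;
}
static void model_err_clear(void) { err_count = 0; } /* role of ERR_clear_error */
static unsigned long model_err_peek(void) { return err_count ? err_queue[0] : 0; }

/* Non-blocking read with no data: fails with "would block", queues nothing. */
static int model_ssl_read(int *would_block) { *would_block = 1; return -1; }

/* The queue is consulted first, so any leftover entry decides the result. */
static int model_ssl_get_error(int ret, int would_block) {
    if (ret > 0) return MODEL_ERROR_NONE;
    if (model_err_peek() != 0) return MODEL_ERROR_SSL;
    return would_block ? MODEL_ERROR_WANT_READ : MODEL_ERROR_SSL;
}

/* Unrelated code in the same thread fails and leaves its error queued. */
static void other_library_fails(void) { model_err_put(0x1234UL); }

/* Before the fix: classify the read result with whatever is on the queue. */
int read_without_clear(void) {
    int would_block = 0;
    int ret = model_ssl_read(&would_block);
    return model_ssl_get_error(ret, would_block);
}

/* After the fix: empty the queue immediately before the operation. */
int read_with_clear(void) {
    int would_block = 0, ret;
    model_err_clear();
    ret = model_ssl_read(&would_block);
    return model_ssl_get_error(ret, would_block);
}

/* Same starting state for both paths: one stale error from other code. */
int demo_stale(void) { model_err_clear(); other_library_fails(); return read_without_clear(); }
int demo_fixed(void) { model_err_clear(); other_library_fails(); return read_with_clear(); }
```

Clearing the queue discards the other library's pending error as well, so code that still needs that error must read it before the SSL call.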