[PATCH] Avoid stale OpenSSL error state tripping up SSL connections

From: Constantine Sapuntzakis <>
Date: Fri, 4 Jun 2010 15:06:20 -0700

Was seeing spurious SSL connection aborts using libcurl and OpenSSL. I
tracked it down to uncleared error state on the OpenSSL error stack -
patch attached deals with that.

Rough idea of problem:
  * Code that uses libcurl calls some library that uses OpenSSL but
doesn't clear the OpenSSL error stack after an error.

  * ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from
the OS. Returns -1 to indicate an error.

  * ssluse.c calls SSL_get_error. First thing, SSL_get_error calls
ERR_get_error to check the OpenSSL error stack, finds an old error and
returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or

  * ssluse.c returns an error and aborts the connection

  * Clear the OpenSSL error stack before calling an SSL_* operation if
we're going to call SSL_get_error afterwards.

  * This is much more likely to happen with multi because it's easier
to intersperse other calls to the OpenSSL library in the same thread


Received on 2010-06-05
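
The failure sequence described in the message above, as an added example that is not part of the original post or of the attached patch. It is a simplified C model, not OpenSSL or libcurl code: every model_* name, the IO_* states and the error codes are hypothetical stand-ins, and the only behaviour assumed is the ordering the post describes (the shared error stack is consulted before the would-block condition).

```c
/* Simplified model, NOT OpenSSL source. All model_* names are hypothetical. */
#include <stdio.h>

enum { MODEL_ERROR_NONE, MODEL_ERROR_SSL, MODEL_ERROR_WANT_READ };
enum { IO_OK, IO_WOULD_BLOCK, IO_PROTOCOL_FAILURE };

/* Stand-in for the per-thread error stack shared by every user of the library. */
static unsigned long err_stack[16];
static int err_count;

static void model_put_error(unsigned long code) {
    if (err_count < 16) err_stack[err_count++] = code;
}
static void model_clear_error(void) { err_count = 0; }

/* Stand-in for the read call. A would-block result pushes nothing onto the
   stack; only a genuine protocol failure does. */
static int model_read(int io_state) {
    if (io_state == IO_PROTOCOL_FAILURE) model_put_error(0xBADUL);
    return io_state == IO_OK ? 1 : -1;
}

/* Stand-in for the classification step: the error stack is consulted before
   the would-block condition, which is the ordering the post describes. */
static int model_get_error(int io_state, int ret) {
    if (ret > 0) return MODEL_ERROR_NONE;
    if (err_count > 0) return MODEL_ERROR_SSL;
    return io_state == IO_WOULD_BLOCK ? MODEL_ERROR_WANT_READ : MODEL_ERROR_SSL;
}

/* One read on a thread whose stack already holds `stale` leftover entries
   (constructed input). clear_first selects the patched call pattern. */
int classify_read(int stale, int io_state, int clear_first) {
    model_clear_error();                   /* reset the model between runs */
    for (int i = 0; i < stale; i++) model_put_error(0x1000UL + (unsigned long)i);
    if (clear_first) model_clear_error();  /* the fix: clear before the I/O call */
    return model_get_error(io_state, model_read(io_state));
}

int main(void) {
    printf("stale entry, no clear: %d\n", classify_read(1, IO_WOULD_BLOCK, 0));
    printf("stale entry, cleared : %d\n", classify_read(1, IO_WOULD_BLOCK, 1));
    printf("real failure, cleared: %d\n", classify_read(1, IO_PROTOCOL_FAILURE, 1));
    return 0;
}
```

Clearing before the call does not hide real failures: an error pushed during the read itself is still on the stack when the result is classified. In code using OpenSSL directly, the clearing call is ERR_clear_error().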