[PATCH] Avoid stale OpenSSL error state tripping up SSL connections
Date: Fri, 4 Jun 2010 15:06:20 -0700
Was seeing spurious SSL connection aborts using libcurl and OpenSSL. I
tracked it down to uncleared error state on the OpenSSL error stack -
patch attached deals with that.
Rough idea of problem:
* Code that uses libcurl calls some library that uses OpenSSL but
don't clear the OpenSSL error stack after an error.
* ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from
the OS. Returns -1 to indicate an error
* ssluse.c calls SSL_get_error. First thing, SSL_get_error calls
ERR_get_error to check the OpenSSL error stack, finds an old error and
returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or
* ssluse.c returns an error and aborts the connection
* Clear the openssl error stack before calling SSL_* operation if
we're going to call SSL_get_error afterwards.
* This is much more likely to happen with multi because it's easier
to intersperse other calls to the OpenSSL library in the same thread
- application/octet-stream attachment: curl-openssl-avoid-stale-errors.patch