[dev.icinga.com #12100] Ensure to clear the SSL error queue before calling SSL_{read,write,do_handshake} #4345

Closed
icinga-migration opened this issue Jul 5, 2016 · 4 comments
Labels
bug

@icinga-migration icinga-migration commented Jul 5, 2016

This issue has been migrated from Redmine: https://dev.icinga.com/issues/12100

Created by mfriedrich on 2016-07-05 13:24:41 +00:00

Assignee: mfriedrich
Status: Resolved (closed on 2016-07-05 13:45:07 +00:00)
Target Version: 2.5.0
Last Update: 2016-07-05 13:45:07 +00:00 (in Redmine)

Icinga Version: 2.4.10
Backport?: Not yet backported
Include in Changelog: 1

The error queue is stored internally by OpenSSL on a stack reserved for each thread.

Our current code does check the returned error code first and then calls the SSL_*_error() functions. So we are safe that the triggered error also contains the most recent error message from the error queue. However, SSL_get_error() only provides a copy of the first queue element and does not delete it later on. The same goes for ERR_peek_error().

The SSL documentation enforces the use of ERR_clear_error() in order to make SSL_*_error() work reliably. One thing which could occur: many SSL errors could result in lots of error messages in the OpenSSL error queue, turning into a (small) memory leak.

Resources:
https://www.postgresql.org/message-id/20150224030956.2529.83279@wrigleys.postgresql.org
http://stackoverflow.com/questions/18179128/how-to-manage-the-error-queue-in-openssl-ssl-get-error-and-err-get-error

Changesets

2016-07-05 13:25:02 +00:00 by mfriedrich 9b873d6

Ensure to clear the SSL error queue before calling SSL_{read,write,do_handshake}

fixes #12100

2016-08-03 13:43:01 +00:00 by mfriedrich ca73432

Ensure to clear the SSL error queue before calling SSL_{read,write,do_handshake}

fixes #12100

Relations:


@icinga-migration icinga-migration commented Jul 5, 2016

Updated by mfriedrich on 2016-07-05 13:45:07 +00:00

  • Status changed from Assigned to Resolved
  • Done % changed from 0 to 100

Applied in changeset 9b873d6.


@icinga-migration icinga-migration commented Jul 8, 2016

Updated by mfriedrich on 2016-07-08 14:25:03 +00:00

  • Relates set to 12092

@icinga-migration icinga-migration commented Jul 14, 2016

Updated by mfriedrich on 2016-07-14 08:34:07 +00:00

  • Relates set to 12030

@icinga-migration icinga-migration commented Aug 4, 2016

Updated by mfriedrich on 2016-08-04 08:15:23 +00:00

  • Relates set to 12309
@icinga-migration icinga-migration added this to the 2.5.0 milestone Jan 17, 2017