
core: empty openssl error queue on SSL_shutdown()

If during or before SSL_shutdown() errors occurred that were saved in the
thread-local openssl error queue, these were not read and thus retained
on the queue until another tls session read them.
This led to bogus error detection. Now we simply clear all errors from
the queue after we're done with our openssl context, so the errors do
not "leak" into another context anymore.

(cherry picked from commit cf3e106)
arogge committed Jul 19, 2019
1 parent d145c8e commit 449d338099056153616347379342440706dad0ff
Showing with 8 additions and 0 deletions.
  1. +8 −0 core/src/lib/tls_openssl.cc
@@ -324,6 +324,14 @@ void TlsOpenSsl::TlsBsockShutdown(BareosSocket *bsock)

int ssl_error = SSL_get_error(d_->openssl_, err_shutdown);

/*
* There may be more errors on the thread-local error-queue.
* As we just shutdown our context and looked at the errors that we were
* interested in we clear the queue so nobody else gets to read an error
* that may have occured here.
*/
ERR_clear_error(); // empties the current thread's openssl error queue

SSL_free(d_->openssl_);
d_->openssl_ = nullptr;
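
Review bot: ERR_clear_error() sits after SSL_get_error(d_->openssl_, err_shutdown), so it only protects whatever runs next on this thread; the ssl_error computed just above it can still be skewed by entries an earlier call left on the queue, and OpenSSL documents that the current thread's error queue must be empty before the TLS I/O operation for SSL_get_error() to work reliably. Consider also calling ERR_clear_error() immediately before the shutdown call that yields err_shutdown. The entries dropped here are discarded unseen; draining them with ERR_get_error() into a debug-level message before clearing would keep their diagnostic value. Minor: "occured" in the new comment should read "occurred".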
