
core: empty openssl error queue on SSL_shutdown()

If during or before SSL_shutdown() errors occurred that were saved in the
thread-local openssl error queue, these were not read and thus retained
on the queue until another tls session read them.
This led to bogus error detection. Now we simply clear all errors from
the queue after we're done with our openssl context, so the errors do
not "leak" into another context anymore.
arogge committed Jul 19, 2019
1 parent 21712ae commit cf3e1064f495b0592e0202edb2cec7e358c5b378
Showing with 8 additions and 0 deletions.
  1. +8 −0 core/src/lib/tls_openssl.cc
@@ -333,6 +333,14 @@ void TlsOpenSsl::TlsBsockShutdown(BareosSocket* bsock)

int ssl_error = SSL_get_error(d_->openssl_, err_shutdown);

/*
* There may be more errors on the thread-local error-queue.
* As we just shutdown our context and looked at the errors that we were
* interested in we clear the queue so nobody else gets to read an error
* that may have occured here.
*/
ERR_clear_error(); // empties the current thread's openssl error queue

SSL_free(d_->openssl_);
d_->openssl_ = nullptr;
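
Review bot: ERR_clear_error() runs only after SSL_get_error(d_->openssl_, err_shutdown), so it stops errors leaking out of the shutdown path but does not protect the ssl_error value computed here from entries that were already on the queue. SSL_get_error() consults the current thread's error queue, and the OpenSSL documentation requires that queue to be empty before the I/O operation is attempted for its result to be reliable. Since the commit message names errors that occurred before SSL_shutdown() as part of the problem, consider also calling ERR_clear_error() just ahead of the shutdown call that produces err_shutdown. Minor: "occured" in the new comment should read "occurred".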
