Fix bogus errors in TLS sessions #232

Merged
merged 2 commits into from Aug 1, 2019


@arogge
Contributor

commented Jul 19, 2019

Previously if a TLS session failed, the next TLS operation in the same thread saw the error of that failing session and was also terminated.
This PR fixes this behaviour by clearing the error-queue.

As the original issue that led to this behaviour occurred during a status client command to
a) a 17.2 or older client
b) a client with a mismatching password
we also add a systemtest that checks the correct behaviour when trying to status a client with a mismatching password (which eventually runs into a TLS handshake error).

systemtests: test bconsole crash on status client
When connecting to an older version without TLS-PSK support or when
passwords mismatch during the "status client" command the director
closes the connection to bconsole leading to an apparent "crash" in
bconsole (i.e. console exits without error).

This systemtest checks whether this problem has been fixed.

@arogge arogge requested a review from franku Jul 19, 2019

core/src/lib/tls_openssl.cc Outdated
@franku

Member

commented Jul 19, 2019

You found that! Terrific!

Should merge into master and 18.2.

core: empty openssl error queue on SSL_shutdown()
If during or before SSL_shutdown() errors occurred that were saved in the
thread-local openssl error queue, these were not read and thus retained
on the queue until another tls session read them.
This led to bogus error detection. Now we simply clear all errors from
the queue after we're done with our openssl context, so the errors do
not "leak" into another context anymore.
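
The mechanism the commit message above describes, as an added example that is not part of this pull request or of the Bareos code: a simplified C model of a per-thread error queue in which the result classifier, like OpenSSL's SSL_get_error(), treats any queued entry as a fatal error. The queue helpers, error code and session functions are constructed for illustration; real code would call ERR_peek_error() and ERR_clear_error().

```c
#include <stddef.h>

/* Simplified model of OpenSSL's per-thread error queue (constructed for
 * illustration; real code uses ERR_peek_error() / ERR_clear_error()). */
enum { Q_MAX = 8 };
static _Thread_local unsigned long err_queue[Q_MAX];
static _Thread_local size_t err_count;

static void err_put(unsigned long code) {
    if (err_count < Q_MAX) err_queue[err_count++] = code;
}
static unsigned long err_peek(void) { return err_count ? err_queue[0] : 0; }
static void err_clear(void) { err_count = 0; }

enum io_status { IO_OK, IO_WANT_READ, IO_FATAL };

/* Classifies an I/O result the way SSL_get_error() does: for ret <= 0 a
 * non-empty queue is reported as fatal, no matter which session queued it. */
static enum io_status classify(int ret) {
    if (ret > 0) return IO_OK;
    if (err_peek() != 0) return IO_FATAL;
    return IO_WANT_READ; /* harmless: retry once data arrives */
}

/* Session A: the handshake fails (e.g. password mismatch) and queues an error. */
static void failing_session(int clear_on_shutdown) {
    err_put(0x1234UL);                  /* constructed error code */
    (void)classify(-1);                 /* caller sees IO_FATAL and shuts down */
    if (clear_on_shutdown) err_clear(); /* the fix: empty the queue on shutdown */
}

/* Session B: healthy, its read simply has no data yet (ret = -1). */
static enum io_status healthy_session_read(void) { return classify(-1); }

/* Runs A then B on the same thread and returns what B observes. */
enum io_status run_pair(int clear_on_shutdown) {
    err_clear();
    failing_session(clear_on_shutdown);
    return healthy_session_read();
}

int main(void) {
    /* Exit 0 only if B is broken without the fix and unaffected with it. */
    return !(run_pair(0) == IO_FATAL && run_pair(1) == IO_WANT_READ);
}
```

Without the clear, session B's ordinary "no data yet" result is reported as fatal because the entry left by session A is still at the head of the thread's queue.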

@arogge arogge force-pushed the dev/arogge/master/TT4200514 branch from 8a24901 to cf3e106 Jul 19, 2019

arogge added a commit that referenced this pull request Aug 1, 2019
Merge pull request #234 from bareos/dev/arogge/bareos-18.2/TT4200514
Backport to 18.2: Fix bogus errors in TLS sessions #232

@arogge arogge merged commit 2c8c37b into master Aug 1, 2019

4 checks passed

continuous-integration/jenkins/branch This commit looks good
continuous-integration/jenkins/pr-merge This commit looks good
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@arogge arogge deleted the dev/arogge/master/TT4200514 branch Aug 30, 2019
