Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

crypto: clear error stack

Clear OpenSSL's error stack on return from Connection::HandleSSLError().
This stops stale errors from popping up later in the lifecycle of the
SSL connection where they would cause spurious failures.

This commit causes a 1-2% performance regression on `make bench-tls`.
We'll address that in follow-up commits if possible but let's ensure
correctness first.

Fixes #4771.

This is a back-port of commit c6e2db2 from the master branch.

Conflicts:
	src/node_crypto.cc
  • Loading branch information...
commit 1e7b3d536b57e50b640d287f6af24f18d22fc3d9 1 parent a6a1659
@bnoordhuis authored
Showing with 10 additions and 0 deletions.
  1. +10 −0 src/node_crypto.cc
View
10 src/node_crypto.cc
@@ -702,6 +702,16 @@ int Connection::HandleBIOError(BIO *bio, const char* func, int rv) {
int Connection::HandleSSLError(const char* func, int rv) {
+ // Forcibly clear OpenSSL's error stack on return. This stops stale errors
+ // from popping up later in the lifecycle of the SSL connection where they
+ // would cause spurious failures. It's a rather blunt method, though.
+ // ERR_clear_error() isn't necessarily cheap either.
+ struct ClearErrorOnReturn {
+ ~ClearErrorOnReturn() { ERR_clear_error(); }
+ };
+ ClearErrorOnReturn clear_error_on_return;
+ (void) &clear_error_on_return; // Silence unused variable warning.
+
if (rv >= 0) return rv;
int err = SSL_get_error(ssl_, rv);
Please sign in to comment.
Something went wrong with that request. Please try again.