Some OpenSSL issues #4875
Merged
Some OpenSSL issues #4875
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ssl_close uses this boolean to know if SSL_shutdown should be called. It turns out OpenSSL auto-shutdowns on failure, so if the call to SSL_connect fails, it will complain about "shutdown while in init", trampling the original error.
|
/rebuild |
|
Okay, @pks-t, I started to rebuild this pull request. |
pks-t
approved these changes
Nov 7, 2018
| @@ -373,10 +373,10 @@ static int ssl_set_error(SSL *ssl, int error) | |||
| switch (err) { | |||
| case SSL_ERROR_WANT_CONNECT: | |||
| case SSL_ERROR_WANT_ACCEPT: | |||
| giterr_set(GITERR_NET, "SSL error: connection failure"); | |||
| giterr_set(GITERR_SSL, "SSL error: connection failure"); | |||
There was a problem hiding this comment.
I think these changes make sense. The other secure streams also use GITERR_SSL for various SSL-related failures
| @@ -602,6 +600,8 @@ int openssl_connect(git_stream *stream) | |||
| if ((ret = SSL_connect(st->ssl)) <= 0) | |||
| return ssl_set_error(st->ssl, ret); | |||
|
|
|||
| st->connected = true; | |||
There was a problem hiding this comment.
Makes sense, too. One might wonder about whether the BIO will still get free'd if we never call SSL_shutdown. But documentation of SSL_set_bio states that BIO's ownership is transferred to the SSL handle and will get free'd with BIO_free_all as soon the SSL handle is free'd.
|
Thanks! |
|
@ethomson Though it's minor, also next-release (unless it was backported). |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reading #4644 was eerily familiar, so it made me start looking for "that patch I had written but now I can't find it" 馃槈.
This is extracted from #4786, I'm not sure if it is the complete story, but at least it would help downstream (and us) to pinpoint the reason for those failures.