crypto: clear error stack

Clear OpenSSL's error stack on return from Connection::HandleSSLError(). This stops stale errors from popping up later in the lifecycle of the SSL connection where they would cause spurious failures. This commit causes a 1-2% performance regression on `make bench-tls`. We'll address that in follow-up commits if possible but let's ensure correctness first. Fixes #4771.
nodejs · Feb 27, 2013 · c6e2db2 · c6e2db2
1 parent f054fec
commit c6e2db2
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -901,6 +901,16 @@ int Connection::HandleBIOError(BIO *bio, const char* func, int rv) {
 
 
 int Connection::HandleSSLError(const char* func, int rv, ZeroStatus zs) {
+  // Forcibly clear OpenSSL's error stack on return. This stops stale errors
+  // from popping up later in the lifecycle of the SSL connection where they
+  // would cause spurious failures. It's a rather blunt method, though.
+  // ERR_clear_error() isn't necessarily cheap either.
+  struct ClearErrorOnReturn {
+    ~ClearErrorOnReturn() { ERR_clear_error(); }
+  };
+  ClearErrorOnReturn clear_error_on_return;
+  (void) &clear_error_on_return;  // Silence unused variable warning.
+
   if (rv > 0) return rv;
   if ((rv == 0) && (zs == kZeroIsNotAnError)) return rv;