path: root/www/lighttpd/files/patch-CVE-2008-1531
Index: src/connections.c
===================================================================
--- src/connections.c (revision 2103)
+++ src/connections.c (revision 2136)
@@ -200,4 +200,5 @@
 	/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
 
+	ERR_clear_error();
 	do {
 		if (!con->ssl_error_want_reuse_buffer) {
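Review bot: The new `ERR_clear_error()` in front of the read loop is the substance of the CVE-2008-1531 fix, yet nothing says why it is there, so a later maintainer could drop it as a no-op; I would add `/* CVE-2008-1531: SSL_get_error() is only reliable when the thread's OpenSSL error queue is empty before the I/O call; a stale entry left behind by another connection would otherwise be reported against this one */` above it. It sits outside the `do {` loop, so if the body issues SSL_read more than once per pass the later iterations start with whatever the earlier ones queued — whether that matters depends on the loop body, which is not in the hunk. The enclosing function starts before and ends after this hunk.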
@@ -1670,4 +1671,5 @@
 			if (srv_sock->is_ssl) {
 				int ret;
+				ERR_clear_error();
 				switch ((ret = SSL_shutdown(con->ssl))) {
 				case 1:
@@ -1675,6 +1677,8 @@
 					break;
 				case 0:
-					SSL_shutdown(con->ssl);
-					break;
+					ERR_clear_error();
+					if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+
+					// fall through
 				default:
 					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
Index: src/network_openssl.c
===================================================================
--- src/network_openssl.c (revision 2084)
+++ src/network_openssl.c (revision 2136)
@@ -86,4 +86,5 @@
 			 */
 
+			ERR_clear_error();
 			if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
 				unsigned long err;
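Review bot: Same pattern as in connections.c, and the comment block that ends just above the call (cut off at the top of the hunk) should name the reason, e.g. `/* empty the error queue first: SSL_get_error() consults it, and stale entries from other connections would be misreported here (CVE-2008-1531) */`. The `<= 0` branch that consumes `err` continues past the hunk, so I cannot tell whether it drains the queue with repeated ERR_get_error() or pops a single entry; if the latter, a failure that pushes several entries leaves residue for the next SSL call, which this pre-call clear now covers but which is worth stating next to it. The enclosing function starts before and ends after this hunk.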
@@ -188,4 +189,5 @@
 				close(ifd);
 
+				ERR_clear_error();
 				if ((r = SSL_write(ssl, s, toSend)) <= 0) {
 					unsigned long err;
Index: src/connections.c
===================================================================
--- src/connections.c (revision 2136)
+++ src/connections.c (revision 2139)
@@ -1670,5 +1670,6 @@
 #ifdef USE_OPENSSL
 			if (srv_sock->is_ssl) {
-				int ret;
+				int ret, ssl_r;
+				unsigned long err;
 				ERR_clear_error();
 				switch ((ret = SSL_shutdown(con->ssl))) {
@@ -1678,14 +1679,40 @@
 				case 0:
 					ERR_clear_error();
-					if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+					if (-1 != (ret = SSL_shutdown(con->ssl))) break;
 
 					// fall through
 				default:
-					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-							SSL_get_error(con->ssl, ret),
-							ERR_error_string(ERR_get_error(), NULL));
-					return -1;
+
+					switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
+					case SSL_ERROR_WANT_WRITE:
+					case SSL_ERROR_WANT_READ:
+						break;
+					case SSL_ERROR_SYSCALL:
+						/* perhaps we have error waiting in our error-queue */
+						if (0 != (err = ERR_get_error())) {
+							do {
+								log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+										ssl_r, ret,
+										ERR_error_string(err, NULL));
+							} while((err = ERR_get_error()));
+						} else {
+							log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
+									ssl_r, r, errno,
+									strerror(errno));
+						}
+	
+						break;
+					default:
+						while((err = ERR_get_error())) {
+							log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+									ssl_r, ret,
+									ERR_error_string(err, NULL));
+						}
+	
+						break;
+					}
 				}
 			}
+			ERR_clear_error();
 #endif
 
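Review bot: In the `SSL_ERROR_SYSCALL` branch `errno` is read only after `SSL_get_error()` and `ERR_get_error()` have run, and OpenSSL's guidance is to consult errno for SSL_ERROR_SYSCALL immediately after the failing call, so the `strerror()` that gets logged may describe a later, unrelated failure. Capture it first: make `saved_errno = errno;` the first statement under `default:` (declaring `int saved_errno;` next to `ssl_r`, whose declaration is in the preceding hunk) and log `ssl_r, ret, saved_errno,` / `strerror(saved_errno));`. The `r` on that log line is corrected to `ret` by the later revision in this same patch file, so I am not re-raising it. The WANT_READ/WANT_WRITE cases break out silently, abandoning the bidirectional close_notify rather than retrying it, which is defensible on a teardown path but deserves `/* non-blocking socket: give up on completing close_notify; the connection is torn down anyway */` — whether the socket is closed immediately after is outside the hunk. The trailing `ERR_clear_error()` at the end of the `USE_OPENSSL` block is what keeps this connection's failure from poisoning the next SSL call on the thread (the CVE-2008-1531 symptom), and a one-line comment saying so would stop it being removed as redundant with the clears above.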
Index: src/connections.c
===================================================================
--- src/connections.c (revision 2139)
+++ src/connections.c (revision 2144)
@@ -1681,5 +1681,5 @@
 					if (-1 != (ret = SSL_shutdown(con->ssl))) break;
 
-					// fall through
+					/* fall through */
 				default:
 
@@ -1698,5 +1698,5 @@
 						} else {
 							log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
-									ssl_r, r, errno,
+									ssl_r, ret, errno,
 									strerror(errno));
 						}