* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Avoid randomly generated

SSLError from SSLSocket just after invoking SSLSocket#close. OpenSSL's SSL_shutdown could try to send alert packet and it might set SSLerr(global error stack) as the result. It causes the next SSL read/write operation to fail by unrelated reason. By design, we're ignoring any error at SSL_shutdown() so we clear global error stack after SSL_shutdown is called. See #5039. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32658 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2011-07-25 04:30:02 +00:00 · 2011-07-25 04:30:02 +00:00 · 6c8a2fe247
commit 6c8a2fe247
parent 29f354df63
2 changed files with 13 additions and 1 deletions
--- a/11
+++ b/11
@ -1,3 +1,14 @@
+Mon Jul 25 13:09:42 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>
+
+	* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Avoid randomly generated
+	  SSLError from SSLSocket just after invoking SSLSocket#close.
+	  OpenSSL's SSL_shutdown could try to send alert packet and it might
+	  set SSLerr(global error stack) as the result. It causes the next
+	  SSL read/write operation to fail by unrelated reason.
+
+	  By design, we're ignoring any error at SSL_shutdown() so we clear
+	  global error stack after SSL_shutdown is called. See #5039.
+
 Sun Jul 24 20:29:53 2011  Tanaka Akira  <akr@fsij.org>

 	* ext/socket/extconf.rb: refine the recvmsg test.
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@ -983,7 +983,8 @@ ossl_ssl_shutdown(SSL *ssl)
 	    if (rc = SSL_shutdown(ssl))
 		break;
 	}
-        SSL_clear(ssl);
+	ERR_clear_error();
+	SSL_clear(ssl);
    }
 }