diff options
author | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-07-25 04:30:02 +0000 |
---|---|---|
committer | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-07-25 04:30:02 +0000 |
commit | 6c8a2fe247a93403257fe2af76b67180055069b4 (patch) | |
tree | cf3eef8746b0806140bf26b27c405afe0b0dfe4d | |
parent | 29f354df6350f960a9ecf8a5e363208ead010a6c (diff) | |
download | ruby-6c8a2fe247a93403257fe2af76b67180055069b4.tar.gz |
* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Avoid randomly generated
SSLError from SSLSocket just after invoking SSLSocket#close.
OpenSSL's SSL_shutdown could try to send alert packet and it might
set SSLerr(global error stack) as the result. It causes the next
SSL read/write operation to fail by unrelated reason.
By design, we're ignoring any error at SSL_shutdown() so we clear
global error stack after SSL_shutdown is called. See #5039.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32658 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 11 | ||||
-rw-r--r-- | ext/openssl/ossl_ssl.c | 3 |
2 files changed, 13 insertions, 1 deletions
@@ -1,3 +1,14 @@ +Mon Jul 25 13:09:42 2011 Hiroshi Nakamura <nahi@ruby-lang.org> + + * ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Avoid randomly generated + SSLError from SSLSocket just after invoking SSLSocket#close. + OpenSSL's SSL_shutdown could try to send alert packet and it might + set SSLerr(global error stack) as the result. It causes the next + SSL read/write operation to fail by unrelated reason. + + By design, we're ignoring any error at SSL_shutdown() so we clear + global error stack after SSL_shutdown is called. See #5039. + Sun Jul 24 20:29:53 2011 Tanaka Akira <akr@fsij.org> * ext/socket/extconf.rb: refine the recvmsg test. diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 4d878797d4..ed820cd431 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -983,7 +983,8 @@ ossl_ssl_shutdown(SSL *ssl) if (rc = SSL_shutdown(ssl)) break; } - SSL_clear(ssl); + ERR_clear_error(); + SSL_clear(ssl); } } |