Project

General

Profile

committed-patch-1.4.19.patch

backport to 1.4.19 of the patch which actually got committed - hoffie, 2008-03-28 17:00

View differences:

NEWS Fri Mar 28 16:30:14 2008 +0100 → NEWS Fri Mar 28 17:45:28 2008 +0100
8 8
  * added support for If-Range: <date> (#1346)
9 9
  * added support for matching $HTTP["scheme"] in configs
10 10
  * fixed initgroups() called after chroot (#1384)
11
  * Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls
11 12
  * fixed case-sensitive check for Auth-Method (#1456)
12 13
  * execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428)
13 14
  * fixed a bug that made /-prefixed extensions being handled also when
src/connections.c Fri Mar 28 16:30:14 2008 +0100 → src/connections.c Fri Mar 28 17:45:28 2008 +0100
199 199

  
200 200
	/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
201 201

  
202
	ERR_clear_error();
202 203
	do {
203 204
		if (!con->ssl_error_want_reuse_buffer) {
204 205
			b = buffer_init();
......
1668 1669
			}
1669 1670
#ifdef USE_OPENSSL
1670 1671
			if (srv_sock->is_ssl) {
1671
				int ret;
1672
				int ret, ssl_r;
1673
				unsigned long err;
1674
				ERR_clear_error();
1672 1675
				switch ((ret = SSL_shutdown(con->ssl))) {
1673 1676
				case 1:
1674 1677
					/* ok */
1675 1678
					break;
1676 1679
				case 0:
1677
					SSL_shutdown(con->ssl);
1678
					break;
1680
					ERR_clear_error();
1681
					if (-1 != (ret = SSL_shutdown(con->ssl))) break;
1682

  
1683
					// fall through
1679 1684
				default:
1680
					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
1681
							SSL_get_error(con->ssl, ret),
1682
							ERR_error_string(ERR_get_error(), NULL));
1683
					return -1;
1685

  
1686
					switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
1687
					case SSL_ERROR_WANT_WRITE:
1688
					case SSL_ERROR_WANT_READ:
1689
						break;
1690
					case SSL_ERROR_SYSCALL:
1691
						/* perhaps we have error waiting in our error-queue */
1692
						if (0 != (err = ERR_get_error())) {
1693
							do {
1694
								log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
1695
										ssl_r, ret,
1696
										ERR_error_string(err, NULL));
1697
							} while((err = ERR_get_error()));
1698
						} else {
1699
							log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
1700
									ssl_r, r, errno,
1701
									strerror(errno));
1702
						}
1703
	
1704
						break;
1705
					default:
1706
						while((err = ERR_get_error())) {
1707
							log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
1708
									ssl_r, ret,
1709
									ERR_error_string(err, NULL));
1710
						}
1711
	
1712
						break;
1713
					}
1684 1714
				}
1685 1715
			}
1716
			ERR_clear_error();
1686 1717
#endif
1687 1718

  
1688 1719
			switch(con->mode) {
src/network_openssl.c Fri Mar 28 16:30:14 2008 +0100 → src/network_openssl.c Fri Mar 28 17:45:28 2008 +0100
85 85
			 *
86 86
			 */
87 87

  
88
			ERR_clear_error();
88 89
			if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
89 90
				unsigned long err;
90 91

  
......
187 188

  
188 189
				close(ifd);
189 190

  
191
				ERR_clear_error();
190 192
				if ((r = SSL_write(ssl, s, toSend)) <= 0) {
191 193
					unsigned long err;
192 194