
fix-ssl-again-1.4.19.patch

same patch as fix-ssl-again.patch (by stbuehler) against 1.4.19 - hoffie, 2008-03-28 16:07


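--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,7 @@
   * added support for If-Range: <date> (#1346)
   * added support for matching $HTTP["scheme"] in configs
   * fixed initgroups() called after chroot (#1384)
+  * Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls
   * fixed case-sensitive check for Auth-Method (#1456)
   * execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428)
   * fixed a bug that made /-prefixed extensions being handled also when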
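--- a/src/connections.c
+++ b/src/connections.c
@@ -199,6 +199,7 @@
 
 	/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
 
+	ERR_clear_error();
 	do {
 		if (!con->ssl_error_want_reuse_buffer) {
 			b = buffer_init();
@@ -1668,21 +1669,50 @@
 			}
 #ifdef USE_OPENSSL
 			if (srv_sock->is_ssl) {
-				int ret;
+				int ret, ssl_r;
+				unsigned long err;
+				ERR_clear_error();
 				switch ((ret = SSL_shutdown(con->ssl))) {
 				case 1:
 					/* ok */
 					break;
 				case 0:
-					SSL_shutdown(con->ssl);
-					break;
+					if (-1 != (ret = SSL_shutdown(con->ssl))) break;
+
+					// fall through
 				default:
-					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-							SSL_get_error(con->ssl, ret),
-							ERR_error_string(ERR_get_error(), NULL));
-					return -1;
+
+					switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
+					case SSL_ERROR_WANT_WRITE:
+					case SSL_ERROR_WANT_READ:
+						break;
+					case SSL_ERROR_SYSCALL:
+						/* perhaps we have error waiting in our error-queue */
+						if (0 != (err = ERR_get_error())) {
+							do {
+								log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+										ssl_r, ret,
+										ERR_error_string(err, NULL));
+							} while((err = ERR_get_error()));
+						} else {
+							log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
+									ssl_r, r, errno,
+									strerror(errno));
+						}
+	
+						break;
+					default:
+						while((err = ERR_get_error())) {
+							log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+									ssl_r, ret,
+									ERR_error_string(err, NULL));
+						}
+	
+						break;
+					}
 				}
 			}
+			ERR_clear_error();
 #endif
 
 			switch(con->mode) {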
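Review bot: In the `SSL_ERROR_SYSCALL` branch (new lines 1698-1700) the fallback log call passes `r` where every other call in the block passes `ret`. `r` is neither declared nor assigned in this hunk, so the logged value would be whatever an outer variable holds rather than the SSL_shutdown() result; it looks copied from the SSL_write() paths in network_openssl.c, and the argument line should read `ssl_r, ret, errno,`. The same call reads `errno` only after SSL_get_error() and ERR_get_error() have run, so saving it in a local right after SSL_shutdown() would keep the logged errno trustworthy when diagnosing shutdown failures. The enclosing function starts and ends outside the hunk.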
src/network_openssl.c Fri Mar 28 16:30:14 2008 +0100 → src/network_openssl.c Fri Mar 28 16:51:14 2008 +0100
85 85
			 *
86 86
			 */
87 87

  
88
			ERR_clear_error();
88 89
			if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
89 90
				unsigned long err;
90 91

  
......
187 188

  
188 189
				close(ifd);
189 190

  
191
				ERR_clear_error();
190 192
				if ((r = SSL_write(ssl, s, toSend)) <= 0) {
191 193
					unsigned long err;
192 194