Date: Mon, 07 Apr 2008 14:38:20 +0200 From: Harald Schmalzbauer <h.schmalzbauer@omnisec.de> To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org Cc: Harald Schmalzbauer <harry@omnisec.de> Subject: Re: ports/122526: lighttpd active SSL connection loss (SSL3_WRITE_PENDING:bad write retry) Message-ID: <47FA15BC.8080706@omnisec.de> In-Reply-To: <200804071120.m37BK0s7053011@freefall.freebsd.org> References: <200804071120.m37BK0s7053011@freefall.freebsd.org>
FreeBSD-gnats-submit@FreeBSD.org wrote am 07.04.2008 13:20 (localtime): Sorry, there as a select'n'paste error, here is the correct patch:
--- src/connections.c (revision 2103)
+++ src/connections.c (revision 2136)
@@ -200,4 +200,5 @@
 /* don't resize the buffer if we were in SSL_ERROR_WANT_* */
+ ERR_clear_error();
 do {
 if (!con->ssl_error_want_reuse_buffer) {
@@ -1670,4 +1671,5 @@
 if (srv_sock->is_ssl) {
 int ret;
+ ERR_clear_error();
 switch ((ret = SSL_shutdown(con->ssl))) {
 case 1:
@@ -1675,6 +1677,8 @@
 break;
 case 0:
- SSL_shutdown(con->ssl);
- break;
+ ERR_clear_error();
+ if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+
+ // fall through
 default:
 log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
--- src/network_openssl.c (revision 2084)
+++ src/network_openssl.c (revision 2136)
@@ -86,4 +86,5 @@
 */
+ ERR_clear_error();
 if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
 unsigned long err;
@@ -188,4 +189,5 @@
 close(ifd);
+ ERR_clear_error();
 if ((r = SSL_write(ssl, s, toSend)) <= 0) {
 unsigned long err;
--- NEWS (revision 2130)
+++ NEWS (revision 2136)
@@ -9,4 +9,5 @@
 * Fix mod_extforward to compile with old gcc version (#1591)
 * Update documentation for #1587
+ * Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls
 - 1.4.19 - 2008-03-10
--- src/connections.c (revision 2136)
+++ src/connections.c (revision 2139)
@@ -1670,5 +1670,6 @@
 #ifdef USE_OPENSSL
 if (srv_sock->is_ssl) {
- int ret;
+ int ret, ssl_r;
+ unsigned long err;
 ERR_clear_error();
 switch ((ret = SSL_shutdown(con->ssl))) {
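Review bot: The `ERR_clear_error();` added in the `@@ -200,4 +200,5 @@` hunk of src/connections.c sits directly under the existing comment `/* don't resize the buffer if we were in SSL_ERROR_WANT_* */`, so that comment now reads as if it described the new call rather than the `do {` loop. I would give the call its own comment, e.g. `/* SSL_get_error() inspects the thread's error queue; drop stale entries before SSL I/O */`, and keep the buffer comment next to `do {`. The same one-line comment fits the calls added before `SSL_shutdown()` at `@@ -1670,4 +1671,5 @@` and before `SSL_write()` in both src/network_openssl.c hunks, since none of them says why the queue is emptied. The loop body continues outside the hunk.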
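Review bot: The `SSL_write(ssl, s, toSend)` call in the `@@ -188,4 +189,5 @@` hunk of src/network_openssl.c may still fail with the `bad write retry` from the subject line, because emptying the error queue does not change what is passed on a retry. OpenSSL reports that error when a write that ended in SSL_ERROR_WANT_WRITE or SSL_ERROR_WANT_READ is repeated with a different buffer or a shorter length. `s` looks like a chunk read from the descriptor closed just above (`close(ifd);`), so a retry may arrive with a new buffer; the retry path lies outside the hunk, so this is an inference to confirm. If it holds, either keep the pending chunk until it is fully written or set `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` and retry with the same bytes and length; the call at `@@ -86,4 +86,5 @@` deserves the same check.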
@@ -1678,14 +1679,40 @@
 case 0:
 ERR_clear_error();
- if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+ if (-1 != (ret = SSL_shutdown(con->ssl))) break;
 // fall through
 default:
- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
- SSL_get_error(con->ssl, ret),
- ERR_error_string(ERR_get_error(), NULL));
- return -1;
+
+ switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+ break;
+ case SSL_ERROR_SYSCALL:
+ /* perhaps we have error waiting in our error-queue */
+ if (0 != (err = ERR_get_error())) {
+ do {
+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+ ssl_r, ret,
+ ERR_error_string(err, NULL));
+ } while((err = ERR_get_error()));
+ } else {
+ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
+ ssl_r, r, errno,
+ strerror(errno));
+ }
+
+ break;
+ default:
+ while((err = ERR_get_error())) {
+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+ ssl_r, ret,
+ ERR_error_string(err, NULL));
+ }
+
+ break;
+ }
 }
 }
+ ERR_clear_error();
 #endif
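Review bot: The `SSL (error):` log call in the `SSL_ERROR_SYSCALL` branch passes `r`, which this revision neither declares nor assigns (the preceding hunk declares only `ret`, `ssl_r` and `err`), while the two sibling calls log `ret`; the argument line should read `ssl_r, ret, errno,`. If an `r` exists in the enclosing function, which is not visible here, the line compiles but records an unrelated value, which makes the log misleading when diagnosing failed shutdowns. `errno` is also read only after `SSL_get_error()` and `ERR_get_error()` have run, so saving it right after `SSL_shutdown()` returns would keep the logged value tied to the failing call. The enclosing function starts and ends outside the hunk.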