more calls to openssl::err_clear_error() to prevent the error queue from containing errors that are not related to the operation that is being checked

Emiel Bruijntjes 2018-04-27 12:38:06 +02:00
parent 670c4ac993
commit 5d69cc567c
3 changed files with 22 additions and 12 deletions


@ -259,6 +259,10 @@ private:
// assume default state // assume default state
_state = state_idle; _state = state_idle;
// we are going to check for errors after the openssl operations, so we make
// sure that the error queue is currently completely empty
OpenSSL::ERR_clear_error();
// because the output buffer contains a lot of small buffers, we can do multiple // because the output buffer contains a lot of small buffers, we can do multiple
// operations till the buffer is empty (but only if the socket is not also // operations till the buffer is empty (but only if the socket is not also
// readable, because then we want to read that data first instead of endless writes // readable, because then we want to read that data first instead of endless writes
@ -270,9 +274,8 @@ private:
// we may have to repeat the operation on failure // we may have to repeat the operation on failure
if (result > 0) continue; if (result > 0) continue;
// Check for error and clear the error queue before the next TLS/SSL I/O operation // check for error
auto error = OpenSSL::SSL_get_error(_ssl, result); auto error = OpenSSL::SSL_get_error(_ssl, result);
OpenSSL::ERR_clear_error();
// the operation failed, we may have to repeat our call // the operation failed, we may have to repeat our call
return repeat(monitor, state_sending, error); return repeat(monitor, state_sending, error);
@ -291,6 +294,10 @@ private:
*/ */
TcpState *receive(const Monitor &monitor, bool writable) TcpState *receive(const Monitor &monitor, bool writable)
{ {
// we are going to check for errors after the openssl operations, so we make
// sure that the error queue is currently completely empty
OpenSSL::ERR_clear_error();
// start a loop // start a loop
do do
{ {
@ -301,14 +308,8 @@ private:
auto result = _in.receivefrom(_ssl, _connection->expected()); auto result = _in.receivefrom(_ssl, _connection->expected());
// if this is a failure, we are going to repeat the operation // if this is a failure, we are going to repeat the operation
if (result <= 0) if (result <= 0) return repeat(monitor, state_receiving, OpenSSL::SSL_get_error(_ssl, result));
{
// Check for error and clear the error queue before the next TLS/SSL I/O operation
auto error = OpenSSL::SSL_get_error(_ssl, result);
OpenSSL::ERR_clear_error();
return repeat(monitor, state_receiving, error);
}
// go process the received data // go process the received data
auto *nextstate = parse(monitor, result); auto *nextstate = parse(monitor, result);
@ -406,6 +407,10 @@ public:
// create an object to wait for the filedescriptor to becomes active // create an object to wait for the filedescriptor to becomes active
Wait wait(_socket); Wait wait(_socket);
// we are going to check for errors after the openssl operations, so we make
// sure that the error queue is currently completely empty
OpenSSL::ERR_clear_error();
// keep looping while we have an outgoing buffer // keep looping while we have an outgoing buffer
while (_out) while (_out)
@ -430,9 +435,6 @@ public:
// error was returned, so we must investigate what is going on // error was returned, so we must investigate what is going on
auto error = OpenSSL::SSL_get_error(_ssl, result); auto error = OpenSSL::SSL_get_error(_ssl, result);
// clear the error queue before the next TLS/SSL I/O operation
OpenSSL::ERR_clear_error();
// get the next state given the error // get the next state given the error
auto *nextstate = repeat(monitor, state_sending, error); auto *nextstate = repeat(monitor, state_sending, error);
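Review bot: The new `OpenSSL::ERR_clear_error()` calls in the send loop, in `receive()` and before `while (_out)` run once ahead of the loop instead of ahead of each TLS I/O call, so only the first iteration is guaranteed to start with an empty error queue. `SSL_get_error()` consults the calling thread's error queue, and in `receive()` the `parse(monitor, result)` call sits between two reads, while in the `while (_out)` loop the removed post-error clear has no replacement inside the loop body. If anything executed in between leaves an entry behind (presumably code reached from `parse`, or a failed write), a later would-block result can be misclassified as a fatal TLS error and the connection torn down. I would move the call into each loop body, directly above the I/O call, e.g. `OpenSSL::ERR_clear_error();` immediately before `auto result = _in.receivefrom(_ssl, _connection->expected());`. The loop bodies begin and end outside the visible hunks, so whether they iterate again after `parse` or `repeat` should be confirmed against the full file.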


@ -190,6 +190,10 @@ public:
// must be the socket // must be the socket
if (fd != _socket) return this; if (fd != _socket) return this;
// we are going to check for errors after the openssl operations, so we make
// sure that the error queue is currently completely empty
OpenSSL::ERR_clear_error();
// start the ssl handshake // start the ssl handshake
int result = OpenSSL::SSL_do_handshake(_ssl); int result = OpenSSL::SSL_do_handshake(_ssl);


@ -186,6 +186,10 @@ public:
{ {
// the socket must be the one this connection writes to // the socket must be the one this connection writes to
if (fd != _socket) return this; if (fd != _socket) return this;
// we are going to check for errors after the openssl operations, so we make
// sure that the error queue is currently completely empty
OpenSSL::ERR_clear_error();
// close the connection // close the connection
auto result = OpenSSL::SSL_shutdown(_ssl); auto result = OpenSSL::SSL_shutdown(_ssl);