
Clear error queue before each SSL_*() call.

The documentation recommends clearing the error queue before each SSL_*() call.

Since we always check the results of SSL_*() for errors instead of blindly calling SSL_get_error(), it's not clear this makes any difference, but it still seems like a good idea to be sure there are no stray errors in the queue.
David Steele 2020-04-20 11:08:58 -04:00
parent 6f41ce1182
commit 4b28f79c92


@ -3,6 +3,8 @@ TLS Session
***********************************************************************************************************************************/
#include "build.auto.h"
#include <openssl/err.h>
#include "common/crypto/common.h"
#include "common/debug.h"
#include "common/io/io.h"
@ -191,7 +193,9 @@ tlsSessionRead(THIS_VOID, Buffer *buffer, bool block)
if (!SSL_pending(this->session))
sckSessionReadyRead(this->socketSession);
// Read and handle errors
// Read and handle errors. The error queue must be cleared before this operation.
ERR_clear_error();
result = tlsSessionResult(this, SSL_read(this->session, bufRemainsPtr(buffer), (int)bufRemains(buffer)), true);
// Update amount of buffer used
@ -229,6 +233,9 @@ tlsSessionWrite(THIS_VOID, const Buffer *buffer)
while (result == 0)
{
// Write and handle errors. The error queue must be cleared before this operation.
ERR_clear_error();
result = tlsSessionResult(this, SSL_write(this->session, bufPtrConst(buffer), (int)bufUsed(buffer)), false);
// Either a retry or all data was written
@ -289,11 +296,13 @@ tlsSessionNew(SSL *session, SocketSession *socketSession, TimeMSec timeout)
cryptoError(
SSL_set_fd(this->session, sckSessionFd(this->socketSession)) != 1, "unable to add socket to TLS session");
// Negotiate TLS session
// Negotiate TLS session. The error queue must be cleared before this operation.
int result = 0;
while (result == 0)
{
ERR_clear_error();
if (sckSessionType(this->socketSession) == sckSessionTypeClient)
result = tlsSessionResult(this, SSL_connect(this->session), false);
else