author | Ehren Bendler <ehren.bendler@gmail.com> | 2021-08-19 13:45:55 -0400 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-08-21 17:05:14 +0200 |
commit | 797bacf9c5a39f68d337d13f488407eeb507a9fc (patch) | |
tree | fdf6e5ffc51bfccce3195f65aeb2b7b9ddc3ec1f /lib/vtls | |
parent | 4e53b9430c7504de8984796e2a2091ec16f27136 (diff) | |
download | curl-797bacf9c5a39f68d337d13f488407eeb507a9fc.tar.gz |
wolfssl: clean up wolfcrypt error queue
If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error
queue gets added on to for each session and never freed. Fix it by
calling ERR_clear_error() like in vtls/openssl when needed. This func is
a no-op in wolfcrypt if the error queue is not enabled.
Closes #7594
Diffstat (limited to 'lib/vtls')
-rw-r--r-- | lib/vtls/wolfssl.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 7cab17fb6..16fbb8928 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -525,6 +525,8 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
 const char * const dispname = SSL_HOST_DISPNAME();
 const char * const pinnedpubkey = SSL_PINNED_PUB_KEY();
+ ERR_clear_error();
+
 conn->recv[sockindex] = wolfssl_recv;
 conn->send[sockindex] = wolfssl_send;
@@ -775,7 +777,11 @@ static ssize_t wolfssl_send(struct Curl_easy *data,
 struct ssl_backend_data *backend = connssl->backend;
 char error_buffer[WOLFSSL_MAX_ERROR_SZ];
 int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
- int rc = SSL_write(backend->handle, mem, memlen);
+ int rc;
+
+ ERR_clear_error();
+
+ rc = SSL_write(backend->handle, mem, memlen);
 if(rc <= 0) {
 int err = SSL_get_error(backend->handle, rc);
@@ -831,7 +837,11 @@ static ssize_t wolfssl_recv(struct Curl_easy *data,
 struct ssl_backend_data *backend = connssl->backend;
 char error_buffer[WOLFSSL_MAX_ERROR_SZ];
 int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
- int nread = SSL_read(backend->handle, buf, buffsize);
+ int nread;
+
+ ERR_clear_error();
+
+ nread = SSL_read(backend->handle, buf, buffsize);
 if(nread < 0) {
 int err = SSL_get_error(backend->handle, nread);
@@ -916,6 +926,7 @@ static int wolfssl_shutdown(struct Curl_easy *data, struct connectdata *conn,
 (void) data;
 if(backend->handle) {
+ ERR_clear_error();
 SSL_free(backend->handle);
 backend->handle = NULL;
 } |
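Review bot: The new `ERR_clear_error();` at the top of wolfssl_connect_step2 carries no comment, so the reason for it (an error queue that grows with every session in OPENSSL_EXTRA or debug builds of wolfSSL) is recorded only in the commit message; the same applies to the calls added in wolfssl_send, wolfssl_recv and wolfssl_shutdown. I would add `/* wolfSSL built with OPENSSL_EXTRA or debug queues errors that nothing else drains; clear before each TLS call, as vtls/openssl does */` at this first call and a one-line pointer to it at the others. Without that, a later cleanup could drop the calls as redundant and bring back unbounded memory growth in long-lived processes. The body of wolfssl_connect_step2 starts before and continues after the hunk.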
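Review bot: The check after the re-positioned `SSL_read` call in wolfssl_recv is `if(nread < 0)`, while wolfssl_send in this same diff tests `rc <= 0`, so a return of 0 from SSL_read never reaches `SSL_get_error`. That presumably makes an orderly TLS close and an abrupt transport close look identical to the caller, which matters for detecting truncated responses. Consider `if(nread <= 0) {` with `SSL_ERROR_ZERO_RETURN` treated explicitly as end of data in the error switch. The switch is outside the hunk, so this has to be checked against the rest of wolfssl_recv.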
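Review bot: In wolfssl_shutdown `ERR_clear_error();` runs before `SSL_free(backend->handle);`, so anything the free itself queues stays behind after the last call made on this handle. Ordering it as `SSL_free(backend->handle); ERR_clear_error();` (or clearing on both sides) would leave the queue empty at teardown, which is what the commit sets out to achieve. If the file has another teardown path that frees the handle (none is visible in this diff), it would need the same call. The start of wolfssl_shutdown and its return are outside the hunk.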