-rw-r--r--CHANGES5
-rw-r--r--RELEASE-NOTES3
-rw-r--r--lib/ssluse.c9
3 files changed, 16 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 4379303ad..6ea7c7c7b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,11 @@
Changelog
Daniel Stenberg (5 June 2010)
+- Constantine Sapuntzakis fixed a case of spurious SSL connection aborts using
+ libcurl and OpenSSL. "I tracked it down to uncleared error state on the
+ OpenSSL error stack - patch attached deals with that."
+
+Daniel Stenberg (5 June 2010)
- Frank Meier added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and
CURLINFO_LOCAL_PORT to curl_easy_getinfo().
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 63860cd19..d95991984 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -37,6 +37,7 @@ This release includes the following bugfixes:
o TFTP block id wrap
o curl_multi_socket_action() timeout handles inaccuracy in timers better
o SCP/SFTP failure to respect the timeout
+ o spurious SSL connection aborts with OpenSSL
This release includes the following known bugs:
@@ -49,7 +50,7 @@ advice from friends like these:
Kamil Dudka, Alex Bligh, Ben Greear, Hoi-Ho Chan, Howard Chu, Dirk Manske,
Pavel Raiskup, John-Mark Bell, Eric Mertens, Tor Arntsen, Douglas Kilpatrick,
Igor Novoseltsev, Jason McDonald, Dan Fandrich, Tanguy Fautre, Guenter Knauf,
- Julien Chaffraix, Kalle Vahlman, Frank Meier
+ Julien Chaffraix, Kalle Vahlman, Frank Meier, Constantine Sapuntzakis
Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 01eba90db..1b4da33d4 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -64,6 +64,7 @@
#include <openssl/x509v3.h>
#include <openssl/dsa.h>
#include <openssl/dh.h>
+#include <openssl/err.h>
#else
#include <rand.h>
#include <x509v3.h>
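Review bot: The new `#include <openssl/err.h>` is added only to the prefixed branch of this conditional; the `#else` branch, which pulls in `<rand.h>` and `<x509v3.h>`, gets no matching include for the header that declares `ERR_clear_error()`. Whether that configuration still sees a declaration through another header is not visible from this hunk, and the opening and closing of the conditional are outside it. If the unprefixed layout is still supported, either add the counterpart include there or confirm the declaration arrives transitively. Note that an unprefixed `<err.h>` can resolve to the C library's own header on some systems, so the include path order would need checking.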
@@ -882,6 +883,8 @@ int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
int what = Curl_socket_ready(conn->sock[sockindex],
CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
if(what > 0) {
+ ERR_clear_error();
+
/* Something to read, let's do it and hope that it is the close
notify alert from the server */
nread = (ssize_t)SSL_read(conn->ssl[sockindex].handle, buf,
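Review bot: The added `ERR_clear_error();` ahead of SSL_read() carries no comment saying why it must be there, and the same bare call is added in ossl_connect_step2, ossl_send and ossl_recv. OpenSSL's error queue is per thread, and SSL_get_error() is only reliable if that queue was empty before the I/O call. A leftover entry from an unrelated earlier operation can therefore make a retryable or clean result look like a fatal one, which matches the spurious aborts described in the CHANGES entry. A one-line comment at each site would keep a later cleanup from removing the call as dead code, for example `/* SSL_get_error() needs this thread's OpenSSL error queue empty before the I/O call */`. Curl_ossl_shutdown's body continues outside the hunk, so it is worth checking whether any other SSL_* call there, or elsewhere in the file, has its result classified by SSL_get_error() without a preceding clear.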
@@ -1684,6 +1687,8 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
|| ssl_connect_2_reading == connssl->connecting_state
|| ssl_connect_2_writing == connssl->connecting_state);
+ ERR_clear_error();
+
err = SSL_connect(connssl->handle);
/* 1 is fine
@@ -2512,6 +2517,8 @@ static ssize_t ossl_send(struct connectdata *conn,
int memlen;
int rc;
+ ERR_clear_error();
+
memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen);
@@ -2560,6 +2567,8 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
ssize_t nread;
int buffsize;
+ ERR_clear_error();
+
buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
nread = (ssize_t)SSL_read(conn->ssl[num].handle, buf, buffsize);
if(nread < 0) {