author | Ben Noordhuis <info@bnoordhuis.nl> | 2013-02-27 23:31:38 +0100 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2013-02-27 23:31:40 +0100 |
commit | c6e2db2f14d98c6421401dea70f57333898ce782 (patch) | |
tree | f9452c837cde0f2b86f155a11a687ea4e7e1c71c | |
parent | f054fec5354830123b9ff8d47d9f73dd85083bc3 (diff) | |
download | node-c6e2db2f14d98c6421401dea70f57333898ce782.tar.gz |
crypto: clear error stack
Clear OpenSSL's error stack on return from Connection::HandleSSLError().
This stops stale errors from popping up later in the lifecycle of the
SSL connection where they would cause spurious failures.
This commit causes a 1-2% performance regression on `make bench-tls`.
We'll address that in follow-up commits if possible but let's ensure
correctness first.
Fixes #4771.
-rw-r--r-- | src/node_crypto.cc | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 187b344be..44d2171d1 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -901,6 +901,16 @@ int Connection::HandleBIOError(BIO *bio, const char* func, int rv) {
 int Connection::HandleSSLError(const char* func, int rv, ZeroStatus zs) {
+ // Forcibly clear OpenSSL's error stack on return. This stops stale errors
+ // from popping up later in the lifecycle of the SSL connection where they
+ // would cause spurious failures. It's a rather blunt method, though.
+ // ERR_clear_error() isn't necessarily cheap either.
+ struct ClearErrorOnReturn {
+ ~ClearErrorOnReturn() { ERR_clear_error(); }
+ };
+ ClearErrorOnReturn clear_error_on_return;
+ (void) &clear_error_on_return; // Silence unused variable warning.
+
 if (rv > 0) return rv;
 if ((rv == 0) && (zs == kZeroIsNotAnError)) return rv; |
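Review bot: The guard added at the top of `Connection::HandleSSLError()` empties OpenSSL's error queue only for results that are routed through this function, so an OpenSSL call that fails on another path can still leave entries behind. `Connection::HandleBIOError()`, named in the hunk header, gets no such guard in this change, though its body is not visible here. OpenSSL documents that the thread's error queue must be empty before a TLS I/O call for `SSL_get_error()` to be reliable, so a leftover entry can make a later, unrelated call look like a TLS failure. Consider moving `struct ClearErrorOnReturn` to file scope and declaring `ClearErrorOnReturn clear_error_on_return;` in the other entry points that call into OpenSSL, or calling `ERR_clear_error()` immediately before each I/O call. The body of `HandleSSLError()` continues past the end of the hunk.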