[前][次][番号順一覧][スレッド一覧]

ruby-changes:20610

From: nahi <ko1@a...>
Date: Mon, 25 Jul 2011 13:30:11 +0900 (JST)
Subject: [ruby-changes:20610] nahi:r32658 (trunk): * ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Avoid randomly generated

nahi	2011-07-25 13:30:02 +0900 (Mon, 25 Jul 2011)

  New Revision: 32658

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=32658

  Log:
    * ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Avoid randomly generated 
      SSLError from SSLSocket just after invoking SSLSocket#close. 
      OpenSSL's SSL_shutdown could try to send alert packet and it might 
      set SSLerr(global error stack) as the result. It causes the next
      SSL read/write operation to fail by unrelated reason.
    
      By design, we're ignoring any error at SSL_shutdown() so we clear 
      global error stack after SSL_shutdown is called. See #5039.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/ossl_ssl.c

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 32657)
+++ ChangeLog	(revision 32658)
@@ -1,3 +1,14 @@
+Mon Jul 25 13:09:42 2011  Hiroshi Nakamura  <nahi@r...>
+
+	* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Avoid randomly generated
+	  SSLError from SSLSocket just after invoking SSLSocket#close.
+	  OpenSSL's SSL_shutdown could try to send alert packet and it might
+	  set SSLerr(global error stack) as the result. It causes the next
+	  SSL read/write operation to fail by unrelated reason.
+
+	  By design, we're ignoring any error at SSL_shutdown() so we clear
+	  global error stack after SSL_shutdown is called. See #5039.
+
 Sun Jul 24 20:29:53 2011  Tanaka Akira  <akr@f...>
 
 	* ext/socket/extconf.rb: refine the recvmsg test.
Index: ext/openssl/ossl_ssl.c
===================================================================
--- ext/openssl/ossl_ssl.c	(revision 32657)
+++ ext/openssl/ossl_ssl.c	(revision 32658)
@@ -983,7 +983,8 @@
 	    if (rc = SSL_shutdown(ssl))
 		break;
 	}
-        SSL_clear(ssl);
+	ERR_clear_error();
+	SSL_clear(ssl);
     }
 }
 

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]