From be733d24824fe2a3502a1e4ab76d50699052dd65 Mon Sep 17 00:00:00 2001
From: Will Storey
Date: Sun, 13 Mar 2016 13:28:04 -0700
Subject: [PATCH 1/2] Clear error queue before SSL I/O operations
Otherwise we can see errors that are not related to the operation we check for. SSL_get_error() inspects the thread's error queue. See https://www.openssl.org/docs/manmaster/ssl/SSL_get_error.html for more information.
---
src/core/network-openssl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c
index 465c4154..d0f23253 100644
--- a/src/core/network-openssl.c
+++ b/src/core/network-openssl.c
@@ -289,6 +289,7 @@ static GIOStatus irssi_ssl_read(GIOChannel *handle, gchar *buf, gsize len, gsize
 const char *errstr;
 gchar *errmsg;
+ ERR_clear_error();
 ret1 = SSL_read(chan->ssl, buf, len);
 if(ret1 <= 0) {
@@ -334,6 +335,7 @@ static GIOStatus irssi_ssl_write(GIOChannel *handle, const gchar *buf, gsize len
 const char *errstr;
 gchar *errmsg;
+ ERR_clear_error();
 ret1 = SSL_write(chan->ssl, (const char *)buf, len);
 if(ret1 <= 0) {
@@ -581,6 +583,7 @@ int irssi_ssl_handshake(GIOChannel *handle)
 X509 *cert;
 const char *errstr;
+ ERR_clear_error();
 ret = SSL_connect(chan->ssl);
 if (ret <= 0) {
 err = SSL_get_error(chan->ssl, ret);
From 8ab6bdf2ce884fa7363272805287c341b2b2fb01 Mon Sep 17 00:00:00 2001
From: Will Storey
Date: Sun, 13 Mar 2016 15:09:52 -0700
Subject: [PATCH 2/2] Add clear error calls to irssi_ssl_get_iochannel
---
src/core/network-openssl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c
index d0f23253..a18e6fc7 100644
--- a/src/core/network-openssl.c
+++ b/src/core/network-openssl.c
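Review bot: The `ERR_clear_error()` call added before `SSL_read()` in irssi_ssl_read carries no comment, so a later reader could take it for dead code and remove it, bringing back the misattributed errors the commit message describes. I would add above it `/* SSL_get_error() consults the thread's error queue; drop stale entries so they are not blamed on this call */`. The same comment belongs on the identical additions before `SSL_write()` in irssi_ssl_write and `SSL_connect()` in irssi_ssl_handshake. All three function bodies start and end outside their hunks, so whether the error branches drain the queue after reporting cannot be checked from here.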
@@ -473,6 +473,7 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_
 if(!(fd = g_io_channel_unix_get_fd(handle))) return NULL;
+ ERR_clear_error();
 ctx = SSL_CTX_new(SSLv23_client_method());
 if (ctx == NULL) {
 g_error("Could not allocate memory for SSL context");
@@ -491,6 +492,7 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_
 scert = convert_home(mycert);
 if (mypkey && *mypkey) spkey = convert_home(mypkey);
+ ERR_clear_error();
 if (! SSL_CTX_use_certificate_file(ctx, scert, SSL_FILETYPE_PEM)) g_warning("Loading of client certificate '%s' failed: %s", mycert, ERR_reason_error_string(ERR_get_error()));
 else if (! SSL_CTX_use_PrivateKey_file(ctx, spkey ? spkey : scert, SSL_FILETYPE_PEM))
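Review bot: The `ERR_clear_error()` added before `SSL_CTX_new()` has no visible consumer, because the failure branch calls `g_error()` with fixed text and never reads the queue. Either drop the clear at this spot or make it useful by reporting the OpenSSL reason, for example `g_error("Could not create SSL context: %s", ERR_reason_error_string(ERR_get_error()));`, since context creation can fail for reasons other than memory. irssi_ssl_get_iochannel starts and ends outside the hunk, so a later reader of the queue may exist that is not visible here.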
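Review bot: The clear added before `SSL_CTX_use_certificate_file()` does not cover the `SSL_CTX_use_PrivateKey_file()` call in the `else if`, which runs after the certificate load has already touched the queue. `ERR_get_error()` returns the oldest entry, so if the certificate load left anything behind while succeeding, a key-load failure could be logged with an unrelated reason. The key branch's message is outside the hunk, so this assumes it follows the same pattern as the certificate warning. Using `ERR_peek_last_error()` in place of `ERR_get_error()` in these warnings would tie the text to the most recent failure without restructuring the `if`/`else if` chain.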