author | Alfred E. Heggestad <aeh@db.org> | 2014-05-17 16:48:15 +0200 |
---|---|---|
committer | Alfred E. Heggestad <aeh@db.org> | 2014-05-17 16:48:15 +0200 |
commit | 5a050d74377cfca9a7127d797fe621c7789be288 (patch) | |
tree | a3414fd1ecfa52c525f5c832f266698cfa0a47fe /modules | |
parent | 204f01ac29b9424211a014a68dee383f67225e8b (diff) |
dtls_srtp: clear openssl error queue on errors
OpenSSL has a nice global error queue; if an error occurs
we must read out the error and then call ERR_clear_error().
Otherwise other users of OpenSSL in the same process will
get our errors, and things will stop working.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/dtls_srtp/tls_udp.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/modules/dtls_srtp/tls_udp.c b/modules/dtls_srtp/tls_udp.c
index 058641a..86a6b92 100644
--- a/modules/dtls_srtp/tls_udp.c
+++ b/modules/dtls_srtp/tls_udp.c
@@ -207,7 +207,10 @@ static void destructor(void *arg)
 struct dtls_flow *flow = arg;
 if (flow->ssl) {
- (void)SSL_shutdown(flow->ssl);
+ int r = SSL_shutdown(flow->ssl);
+ if (r <= 0)
+ ERR_clear_error();
+
 SSL_free(flow->ssl);
 }
@@ -222,7 +225,7 @@ static bool recv_handler(struct sa *src, struct mbuf *mb, void *arg)
 {
 struct dtls_flow *flow = arg;
 uint8_t b;
- int r;
+ int r, n;
 if (mbuf_get_left(mb) < 1)
 return false;
@@ -240,7 +243,10 @@ static bool recv_handler(struct sa *src, struct mbuf *mb, void *arg)
 if (r <= 0)
 return true;
- SSL_read(flow->ssl, mbuf_buf(mb), (int)mbuf_get_space(mb));
+ n = SSL_read(flow->ssl, mbuf_buf(mb), (int)mbuf_get_space(mb));
+ if (n <= 0) {
+ ERR_clear_error();
+ }
 if (!flow->up && SSL_state(flow->ssl) == SSL_ST_OK) {
@@ -289,8 +295,10 @@ int dtls_flow_alloc(struct dtls_flow **flowp, struct tls *tls,
 goto out;
 flow->ssl = SSL_new(tls->ctx);
- if (!flow->ssl)
+ if (!flow->ssl) {
+ ERR_clear_error();
 goto out;
+ }
 flow->sbio_in = BIO_new(BIO_s_mem());
 if (!flow->sbio_in)
|
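Review bot: The error queue is cleared without ever being read: the description says the error must be read out before `ERR_clear_error()`, but the new branches in `destructor`, `recv_handler` and `dtls_flow_alloc` only discard it. For a DTLS-SRTP flow the queued entries are the only record of why a handshake or a record from the peer was rejected, so dropping them silently removes the signal an operator needs to notice a misconfigured or misbehaving peer. I would drain the queue through one small static helper that logs each entry and call it at all three sites; the helper name below is only a suggestion. In `destructor`, `SSL_shutdown()` returning 0 means the shutdown has not finished yet rather than that it failed, so only `r < 0` reports an error there.

```c
static void drain_openssl_errors(const char *where)
{
	unsigned long e;
	char buf[256];

	/* ERR_get_error() pops entries, so the queue is empty when the loop ends */
	while ((e = ERR_get_error()) != 0) {
		ERR_error_string_n(e, buf, sizeof(buf));
		/* log `where` and `buf` with the module's existing logging call */
	}
}
```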
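Review bot: In `recv_handler` the result of `SSL_read()` is not classified with `SSL_get_error(flow->ssl, n)` before the queue is wiped, so a retryable `SSL_ERROR_WANT_READ` during the handshake and a fatal failure on a packet from the network are handled the same way, and the code carries on to the `SSL_state()` check in both cases. OpenSSL's documentation for `SSL_get_error()` asks for the thread's error queue to be empty before the I/O call, so the more reliable order is `ERR_clear_error();` ahead of `SSL_read()` and `SSL_get_error()` directly after it. The `(int)mbuf_get_space(mb)` cast is not changed by this commit but would deserve a bound check in the same pass. The function body starts and ends outside the hunk, so whether `n` is used later is not visible here.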