From 5a050d74377cfca9a7127d797fe621c7789be288 Mon Sep 17 00:00:00 2001
From: "Alfred E. Heggestad"
Date: Sat, 17 May 2014 16:48:15 +0200
Subject: dtls_srtp: clear openssl error queue on errors

openssl has a nice global error queue, if an error occurs we must read out the error and then call ERR_clear_error(). otherwise other users of openssl in the same process will get our errors, and things will stop working.
---
 modules/dtls_srtp/tls_udp.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'modules')
diff --git a/modules/dtls_srtp/tls_udp.c b/modules/dtls_srtp/tls_udp.c
index 058641a..86a6b92 100644
--- a/modules/dtls_srtp/tls_udp.c
+++ b/modules/dtls_srtp/tls_udp.c
@@ -207,7 +207,10 @@ static void destructor(void *arg)
 struct dtls_flow *flow = arg;
 if (flow->ssl) {
- (void)SSL_shutdown(flow->ssl);
+ int r = SSL_shutdown(flow->ssl);
+ if (r <= 0)
+ ERR_clear_error();
+
 SSL_free(flow->ssl);
 }
@@ -222,7 +225,7 @@ static bool recv_handler(struct sa *src, struct mbuf *mb, void *arg)
 {
 struct dtls_flow *flow = arg;
 uint8_t b;
- int r;
+ int r, n;
 if (mbuf_get_left(mb) < 1)
 return false;
@@ -240,7 +243,10 @@ static bool recv_handler(struct sa *src, struct mbuf *mb, void *arg)
 if (r <= 0)
 return true;
- SSL_read(flow->ssl, mbuf_buf(mb), (int)mbuf_get_space(mb));
+ n = SSL_read(flow->ssl, mbuf_buf(mb), (int)mbuf_get_space(mb));
+ if (n <= 0) {
+ ERR_clear_error();
+ }
 if (!flow->up && SSL_state(flow->ssl) == SSL_ST_OK) {
@@ -289,8 +295,10 @@ int dtls_flow_alloc(struct dtls_flow **flowp, struct tls *tls,
 goto out;
 flow->ssl = SSL_new(tls->ctx);
- if (!flow->ssl)
+ if (!flow->ssl) {
+ ERR_clear_error();
 goto out;
+ }
 flow->sbio_in = BIO_new(BIO_s_mem());
 if (!flow->sbio_in)
-- 
cgit v1.2.3
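Review bot: The failure from `SSL_shutdown()` in `destructor()` is cleared without ever being read, although the commit description says the error must be read out first; the `SSL_read()` branch in `recv_handler()` and the `SSL_new()` branch in `dtls_flow_alloc()` do the same. Emptying the queue silently discards the only diagnostic for a failed DTLS session, so I would drain it with `ERR_get_error()` and log each code before calling `ERR_clear_error()`. A return of 0 from `SSL_shutdown()` means the shutdown is not yet complete rather than an error, so `r <= 0` mixes two cases; a comment such as `/* 0 = close_notify sent, <0 = error; leave the queue empty either way */` would make the intent explicit. `destructor()` starts before and continues after this hunk.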
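Review bot: The `n <= 0` branch after `SSL_read()` in `recv_handler()` does not distinguish an expected `SSL_ERROR_WANT_READ` during the DTLS handshake from a fatal alert or record failure, so malformed or rejected datagrams leave no trace for detection. `SSL_get_error()` has to be called before `ERR_clear_error()`, and OpenSSL documents that the thread's error queue must be empty before the I/O call for its result to be reliable. I would therefore place `ERR_clear_error();` directly before `SSL_read()` and add `int err = SSL_get_error(flow->ssl, n);` in the failure branch, logging anything other than `SSL_ERROR_WANT_READ` or `SSL_ERROR_WANT_WRITE`. The function body starts and ends outside this hunk.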
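Review bot: Only the `SSL_new()` failure in `dtls_flow_alloc()` clears the queue, while the `BIO_new(BIO_s_mem())` failure checked in the trailing context (`if (!flow->sbio_in)`) can leave entries on the same global queue. The body of that check lies outside the hunk, so it presumably still jumps to `out` without clearing. A single `ERR_clear_error();` on the shared failure path after the `out:` label would cover every OpenSSL allocation in this function and keep later error paths from being missed.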