[tomcat] branch master updated: Make sure all errors from OpenSSL are fully cleared

Wed, 24 Feb 2021 01:35:45 -0800 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new 85f214b  Make sure all errors from OpenSSL are fully cleared
85f214b is described below

commit 85f214bc8305a21b6e010424531366ff51b39958
Author: remm <[email protected]>
AuthorDate: Wed Feb 24 10:35:07 2021 +0100

    Make sure all errors from OpenSSL are fully cleared
    
    Related to bug 65131, make sure all errors from OpenSSL are fully
    cleared, as there could be more than one error present after an
    operation (confirmed in the OpenSSL API documentation).
---
 java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 4 ++--
 webapps/docs/changelog.xml                                 | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 27dbb80..8577dbe 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -962,8 +962,8 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
      * TODO: Check last error after every call to an SSL method and respond
      *       appropriately.
      */
-    private void clearLastError() {
-        SSL.getLastErrorNumber();
+    private static void clearLastError() {
+        while (SSL.getLastErrorNumber() != SSL.SSL_ERROR_NONE);
     }
 
     private SSLEngineResult.Status getEngineStatus() {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f638141..4a8cd19 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -169,6 +169,11 @@
         incomplete if the connection is closed before the response is fully
         written due to a write timeout. (markt)
       </fix>
+      <fix>
+        Related to bug <bug>65131</bug>, make sure all errors from OpenSSL are
+        fully cleared, as there could be more than one error present after
+        an operation (confirmed in the OpenSSL API documentation). (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to