[tomcat] branch 9.0.x updated: Make sure all errors from OpenSSL are fully cleared

remm Wed, 24 Feb 2021 01:37:50 -0800

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git



The following commit(s) were added to refs/heads/9.0.x by this push:
     new 8589e68  Make sure all errors from OpenSSL are fully cleared
8589e68 is described below

commit 8589e68cb918463fa1d8c20add02dd5206e01c5d
Author: remm <[email protected]>
AuthorDate: Wed Feb 24 10:35:07 2021 +0100

    Make sure all errors from OpenSSL are fully cleared
    
    Related to bug 65131, make sure all errors from OpenSSL are fully
    cleared, as there could be more than one error present after an
    operation (confirmed in the OpenSSL API documentation).
---
 java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 4 ++--
 webapps/docs/changelog.xml                                 | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 27dbb80..8577dbe 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -962,8 +962,8 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
      * TODO: Check last error after every call to an SSL method and respond
      *       appropriately.
      */
-    private void clearLastError() {
-        SSL.getLastErrorNumber();
+    private static void clearLastError() {
+        while (SSL.getLastErrorNumber() != SSL.SSL_ERROR_NONE);
     }
 
     private SSLEngineResult.Status getEngineStatus() {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5f1ee2b..a46de2c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -143,6 +143,11 @@
         incomplete if the connection is closed before the response is fully
         written due to a write timeout. (markt)
       </fix>
+      <fix>
+        Related to bug <bug>65131</bug>, make sure all errors from OpenSSL are
+        fully cleared, as there could be more than one error present after
+        an operation (confirmed in the OpenSSL API documentation). (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[tomcat] branch 9.0.x updated: Make sure all errors from OpenSSL are fully cleared

Reply via email to