eclipse / mosquitto

Eclipse Mosquitto - An open source MQTT broker
https://mosquitto.org

OpenSSL: fix spurious SSL connection aborts #3054

Closed koranyellow closed 3 weeks ago

koranyellow commented 4 months ago

Description

Was seeing spurious SSL connection aborts using libmosquitto and OpenSSL. I tracked it down to uncleared error state on the OpenSSL error stack - patch attached deals with that.

Rough idea of problem:

1. Code that uses libmosquitto calls some library that uses OpenSSL but doesn't clear the OpenSSL error stack after an error.
2. lib/net_mosq.c calls SSL_read, which eventually gets an EWOULDBLOCK from the OS. It returns -1 to indicate an error.
3. lib/net_mosq.c calls SSL_get_error.
4. First thing, SSL_get_error calls ERR_get_error to check the OpenSSL error stack, finds an old error and returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
5. lib/net_mosq.c returns an error and aborts the connection.

Solution:

Clear the OpenSSL error stack before calling an SSL_* operation if we're going to call SSL_get_error afterwards.

Notes:

This is much more likely to happen with multi because it's easier to intersperse other calls to the OpenSSL library in the same thread.


Thank you for contributing your time to the Mosquitto project!

Before you go any further, please note that we cannot accept contributions if you haven't signed the Eclipse Contributor Agreement. If you aren't able to do that, or just don't want to, please describe your bug fix/feature change in an issue. For simple bug fixes it can be just as easy for us to be told about the problem and then go fix it directly.

The problem appears after #commit.
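
The failure sequence described in the pull request above, as an added example (not code from the PR or from Mosquitto): a dependency-free C model of the error queue, in which every `model_*` name, `other_library_fails` and the error code are hypothetical stand-ins rather than OpenSSL API. It assumes, as the description states, that the error classifier consults the queue before the want-read state.

```c
#include <stdio.h>

/* Single-threaded model of OpenSSL's per-thread error queue.
 * Every model_* name is a hypothetical stand-in, not OpenSSL API. */
enum { MODEL_ERROR_NONE, MODEL_ERROR_SSL, MODEL_ERROR_WANT_READ };
enum { QUEUE_MAX = 16 };
static unsigned long err_queue[QUEUE_MAX];
static unsigned err_count;

static void model_err_push(unsigned long code) {
    if (err_count < QUEUE_MAX) err_queue[err_count++] = code;
}
static unsigned long model_err_peek(void) { return err_count ? err_queue[0] : 0; }
static void model_err_clear(void) { err_count = 0; }

struct model_ssl { int want_read; };

/* Non-blocking read with no data available (EWOULDBLOCK from the OS):
 * returns -1, records "want read", and queues no error of its own. */
static int model_ssl_read(struct model_ssl *s) { s->want_read = 1; return -1; }

/* Classifier: the error queue is consulted before the want-read state. */
static int model_ssl_get_error(const struct model_ssl *s, int ret) {
    if (ret > 0) return MODEL_ERROR_NONE;
    if (model_err_peek() != 0) return MODEL_ERROR_SSL;   /* stale entry wins */
    return s->want_read ? MODEL_ERROR_WANT_READ : MODEL_ERROR_SSL;
}

/* Unrelated library call in the same thread that fails and leaves its
 * error on the queue (0x1234 is a constructed code). */
static void other_library_fails(void) { model_err_push(0x1234UL); }

/* One read attempt; returns 1 if the caller would keep the connection
 * and retry later, 0 if it would treat the result as fatal and abort. */
int read_keeps_connection(int clear_first) {
    struct model_ssl s = {0};
    model_err_clear();                    /* start from a known state */
    other_library_fails();
    if (clear_first) model_err_clear();   /* the fix: clear before the I/O call */
    int ret = model_ssl_read(&s);
    return model_ssl_get_error(&s, ret) == MODEL_ERROR_WANT_READ;
}

int main(void) {
    printf("without clearing: keep=%d\n", read_keeps_connection(0));
    printf("with clearing:    keep=%d\n", read_keeps_connection(1));
    return 0;
}
```
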

ralight commented 3 weeks ago

Thank you, I've added this change to a separate commit because you haven't signed the ECA - but there is no other way to implement this change. It will be in 2.0.19.