ossrs / srs

SRS is a simple, high-efficiency, real-time media server supporting RTMP, WebRTC, HLS, HTTP-FLV, HTTP-TS, SRT, MPEG-DASH, and GB28181.
https://ossrs.io
MIT License

SSL: SSL_get_error gets the error of another coroutine. Errors in SSL operations can affect other SSL connections (SSL_read r0=-1, r1=1). #3497

Closed lizhongjie9999 closed 1 year ago

lizhongjie9999 commented 1 year ago

Description

Question:

There is an error in SSL operation, which can affect other SSL connections.

Reason:

The error value of SSL operation is stored in thread-local variables. When the operation fails, the ERR_peek_error() called internally by SSL_get_error() does not retrieve the error value. Other coroutines calling SSL_get_error may retrieve the residual error value from other operations.

Current known solution:

When an error occurs in SSL operation and the error code is obtained, it is necessary to call ERR_clear_error() to clear the error list.

Scope:

This applies to the tls/dtls-related parts of versions 4.0/5.0 and similar.

SRS Log:

[2023-04-04 02:18:20.167][INFO][1][2rde8cl3] TCP: before dispose resource(HttpsConn)(0x607000078f30), conns=3, zombies=0, ign=0, inz=0, ind=0
[2023-04-04 02:18:20.167][ERROR][1][2rde8cl3][0] serve error code=4042(HttpsHandshake)(Failed to do handshake for HTTPS) : start : handshake : handshake r0=-1, r1=1
thread [1][2rde8cl3]: do_cycle() [./src/app/srs_app_http_conn.cpp:152][errno=0]
thread [1][2rde8cl3]: on_start() [./src/app/srs_app_http_conn.cpp:372][errno=0]
thread [1][2rde8cl3]: handshake() [./src/app/srs_app_conn.cpp:849][errno=0]
[2023-04-04 02:18:20.167][INFO][1][wo3119g7] TCP: clear zombies=1 resources, conns=3, removing=0, unsubs=0
[2023-04-04 02:18:20.167][INFO][1][2rde8cl3] TCP: disposing #0 resource(HttpsConn)(0x607000078f30), conns=3, disposing=1, zombies=0
[2023-04-04 02:18:21.725][INFO][1][5q22q49d] TCP: before dispose resource(HttpsConn)(0x60700005b6b0), conns=2, zombies=0, ign=0, inz=0, ind=0
[2023-04-04 02:18:21.725][ERROR][1][5q22q49d][11] serve error code=4043(HttpsRead)(Failed to read data from HTTPS stream) : process request=0 : mux serve : serve http : recv thread : coroutine cycle : pop message : read response : SSL_read r0=-1, r1=1, r2=0, r3=1
thread [1][5q22q49d]: process_requests() [./src/app/srs_app_http_conn.cpp:206][errno=11]
thread [1][5q22q49d]: process_request() [./src/app/srs_app_http_conn.cpp:233][errno=11]
thread [1][5q22q49d]: serve_http() [./src/protocol/srs_protocol_http_stack.cpp:765][errno=11]
thread [1][5q22q49d]: do_serve_http() [./src/app/srs_app_http_stream.cpp:705][errno=11]
thread [1][5q22q49d]: cycle() [./src/app/srs_app_st.cpp:287][errno=0]
thread [1][5q22q49d]: cycle() [./src/app/srs_app_recv_thread.cpp:584][errno=0]
thread [1][5q22q49d]: pop_message() [./src/app/srs_app_http_conn.cpp:350][errno=0]
thread [1][5q22q49d]: read() [./src/app/srs_app_conn.cpp:946][errno=0](Resource temporarily unavailable)
[2023-04-04 02:18:21.725][INFO][1][wo3119g7] TCP: clear zombies=1 resources, conns=2, removing=0, unsubs=0
[2023-04-04 02:18:21.725][INFO][1][5q22q49d] TCP: disposing #0 resource(HttpsConn)(0x60700005b6b0), conns=2, disposing=1, zombies=0

SRS Config:

./conf/https.docker.conf

Replay

Step 1: Start the image

docker run --rm -it -p 1935:1935 -p 8080:8080 -p 8088:8088 -p 1985:1985 -p 1990:1990 \
registry.cn-hangzhou.aliyuncs.com/ossrs/srs:5 ./objs/srs -c ./conf/https.docker.conf

Step 2: Modify the local hosts file by adding a domain resolution line

192.168.110.49 serverip

Step 3: Open two playback pages simultaneously

https://192.168.110.49:8088/players/srs_player.html

Step 4: Stream the content

ffmpeg -re -i source.flv -c copy -f flv rtmp://192.168.110.49/live/livestream

Step 5: Start playing

Playback Address 1: https://192.168.110.49:8088/live/livestream.flv
Successful playback.

Playback Address 2: https://serverip:8088/live/livestream.flv
Playback Address 2 failed (ERR_CERT_AUTHORITY_INVALID), which also caused Playback Address 1 to fail (ERR_INCOMPLETE_CHUNKED_ENCODING).

Expect

An SSL error in one connection does not affect other SSL connections.
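
The failure mode reported above, as an added C example that is not SRS or OpenSSL code: a small model of one per-thread error queue shared by two coroutines, with and without the clear step the issue proposes. The `model_*` names, the two scenario functions and the pushed error value are assumptions for illustration; only the `SSL_ERROR_*` values match OpenSSL's.

```c
#include <stdio.h>

/* These constants use OpenSSL's values for the same names. */
enum { SSL_ERROR_NONE = 0, SSL_ERROR_SSL = 1, SSL_ERROR_WANT_READ = 2,
       SSL_ERROR_SYSCALL = 5 };

/* One error queue per OS thread. Coroutines all run on the same thread,
 * so every connection shares this queue (hypothetical model, not libcrypto). */
static unsigned long err_queue[16];
static int err_count = 0;

static void model_err_push(unsigned long e) { if (err_count < 16) err_queue[err_count++] = e; }
static unsigned long model_err_peek(void) { return err_count ? err_queue[0] : 0; } /* does not remove */
static void model_err_clear(void) { err_count = 0; }

typedef struct { int want_read; } model_conn;

/* Same decision order as SSL_get_error(): the thread's queue is consulted
 * before the connection's own retry state. */
static int model_get_error(const model_conn *c, int ret) {
    if (ret > 0) return SSL_ERROR_NONE;
    if (model_err_peek() != 0) return SSL_ERROR_SSL;
    if (c->want_read) return SSL_ERROR_WANT_READ;
    return SSL_ERROR_SYSCALL;
}

/* Coroutine A: a handshake fails and leaves an entry in the queue. */
static int failed_handshake(const model_conn *a, int clear_after) {
    model_err_push(1UL);                    /* constructed, non-zero error value */
    int r1 = model_get_error(a, -1);
    if (clear_after) model_err_clear();     /* the step proposed in the issue */
    return r1;
}

/* Coroutine B: a healthy connection whose read has no data yet. */
static int idle_read(model_conn *b) {
    b->want_read = 1;
    return model_get_error(b, -1);
}

/* Runs A, then B, on the same thread and returns the code B sees. */
int scenario(int clear_after) {
    model_conn a = {0}, b = {0};
    model_err_clear();
    failed_handshake(&a, clear_after);
    return idle_read(&b);
}

int main(void) {
    printf("without clear: B sees r1=%d\n", scenario(0));
    printf("with clear:    B sees r1=%d\n", scenario(1));
    return 0;
}
```

Without the clear, connection B's would-block read is reported as `r1=1`, the same value seen in the `SSL_read r0=-1, r1=1` log line.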


winlinvip commented 1 year ago

The analysis is correct, and we also have a solution. 👍

You can submit a Pull Request.
