From: John Hawthorn
Date: Fri, 25 Aug 2023 18:06:28 +0000 (-0700)
Subject: OpenSSL: clear error queue after SSL_shutdown
X-Git-Tag: curl-8_3_0~102
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6d44625305e96ec600bb4fe133295b342e79644e;p=thirdparty%2Fcurl.git

OpenSSL: clear error queue after SSL_shutdown

We've seen errors left in the OpenSSL error queue (specifically, "shutdown while in init") by adding some logging it revealed that the source was this file.

Since we call SSL_read and SSL_shutdown here, but don't check the return code for an error, we should clear the OpenSSL error queue in case one was raised.

This didn't affect curl because we call ERR_clear_error before every write operation (a0dd9df9ab35528eb9eb669e741a5df4b1fb833c), but when libcurl is used in a process with other OpenSSL users, they may detect an OpenSSL error pushed by libcurl's SSL_shutdown as if it was their own.

Co-authored-by: Satana de Sant'Ana
Closes #11736
---
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index cccfa964a3..c7f3e770fe 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1884,6 +1884,9 @@ static void ossl_close(struct Curl_cfilter *cf, struct Curl_easy *data) (void)SSL_read(backend->handle, buf, (int)sizeof(buf)); (void)SSL_shutdown(backend->handle); + + ERR_clear_error(); + SSL_set_connect_state(backend->handle); }
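Review bot: the added `ERR_clear_error();` in ossl_close() empties the calling thread's whole OpenSSL error queue, not only the entries pushed by the `(void)SSL_read(...)` and `(void)SSL_shutdown(...)` calls just above it. Since the commit message is concerned with other OpenSSL users sharing the process, an error one of them queued before ossl_close() ran would be discarded here too. Consider calling ERR_set_mark() before the SSL_read() and ERR_pop_to_mark() after the SSL_shutdown(), so that only the errors raised by these two unchecked calls are dropped. Either way, a one-line comment above the new call saying that the return values are deliberately ignored and the queue is cleared for that reason would keep the line from being removed later as apparently redundant.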