From: Nathan Hoad <nathan@getoffmalawn.com>
Date: Wed, 13 May 2015 12:00:37 +0000 (-0700)
Subject: Bug 4236: SSL negotiation error of 'success'
X-Git-Tag: merge-candidate-3-v1~125
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e9447f011cb8d972b4a3617098721ca9ef8cc0f2;p=thirdparty%2Fsquid.git

Bug 4236: SSL negotiation error of 'success'
---

diff --git a/src/client_side.cc b/src/client_side.cc
index b211aec493..93a54dceaf 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -3572,7 +3572,9 @@ Squid_SSL_accept(ConnStateData *conn, PF *callback)
     SSL *ssl = fd_table[fd].ssl;
     int ret;
 
+    errno = 0;
     if ((ret = SSL_accept(ssl)) <= 0) {
+        int xerrno = errno;
         int ssl_error = SSL_get_error(ssl, ret);
 
         switch (ssl_error) {
@@ -3586,17 +3588,11 @@ Squid_SSL_accept(ConnStateData *conn, PF *callback)
             return 0;
 
         case SSL_ERROR_SYSCALL:
-
             if (ret == 0) {
                 debugs(83, 2, "Error negotiating SSL connection on FD " << fd << ": Aborted by client: " << ssl_error);
             } else {
-                int hard = 1;
-
-                if (errno == ECONNRESET)
-                    hard = 0;
-
-                debugs(83, hard ? 1 : 2, "Error negotiating SSL connection on FD " <<
-                       fd << ": " << strerror(errno) << " (" << errno << ")");
+                debugs(83, (xerrno == ECONNRESET) ? 1 : 2, "Error negotiating SSL connection on FD " << fd << ": " <<
+                           (xerrno == 0 ? ERR_error_string(ssl_error, NULL) : xstrerr(xerrno)));
             }
             return -1;