OpenSSL: clear error queue after SSL_shutdown

We've seen errors left in the OpenSSL error queue (specifically,
"shutdown while in init") by adding some logging it revealed that the
source was this file.

Since we call SSL_read and SSL_shutdown here, but don't check the return
code for an error, we should clear the OpenSSL error queue in case one
was raised.

This didn't affect curl because we call ERR_clear_error before every
write operation (a0dd9df9ab35528eb9eb669e741a5df4b1fb833c), but when
libcurl is used in a process with other OpenSSL users, they may detect
an OpenSSL error pushed by libcurl's SSL_shutdown as if it was their
own.

Co-authored-by: Satana de Sant'Ana <satana@skylittlesystem.org>
Closes #11736

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index cccfa964a3ffe5ca1112abee248a840920630a09..c7f3e770feed07975507303db4484af59316c9f5 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1884,6 +1884,9 @@ static void ossl_close(struct Curl_cfilter *cf, struct Curl_easy *data)
       (void)SSL_read(backend->handle, buf, (int)sizeof(buf));
 
       (void)SSL_shutdown(backend->handle);
+
+      ERR_clear_error();
+
       SSL_set_connect_state(backend->handle);
     }