Module: kamailio
Branch: master
Commit: 4ec11b1a851d321959a0a38041bc7a6ea8107f39
URL:
https://github.com/kamailio/kamailio/commit/4ec11b1a851d321959a0a38041bc7a6…
Author: Xenofon Karamanos <xk(a)gilawa.com>
Committer: GitHub <noreply(a)github.com>
Date: 2023-10-24T20:07:36+02:00
cdp: Add and apply cdp_openssl_clear_errors function (#3612)
* cdp: Add and apply cdp_openssl_clear_errors function
- add new function to clear OpenSSL errors prior to any SSL_* call
---
Modified: src/modules/cdp/cdp_tls.c
Modified: src/modules/cdp/cdp_tls.h
Modified: src/modules/cdp/receiver.c
---
Diff:
https://github.com/kamailio/kamailio/commit/4ec11b1a851d321959a0a38041bc7a6…
Patch:
https://github.com/kamailio/kamailio/commit/4ec11b1a851d321959a0a38041bc7a6…
---
diff --git a/src/modules/cdp/cdp_tls.c b/src/modules/cdp/cdp_tls.c
index 903445b676d..3f1c15fd182 100644
--- a/src/modules/cdp/cdp_tls.c
+++ b/src/modules/cdp/cdp_tls.c
@@ -164,6 +164,22 @@ int load_certificates(SSL_CTX *ctx, str *cert, str *key)
return 0;
}
+/*
+ * Get any leftover errors from OpenSSL and print them.
+ * ERR_get_error() also removes the error from the OpenSSL error stack.
+ * This is useful to call before any SSL_* IO calls to make sure
+ * we don't have any leftover errors from previous calls (OpenSSL docs).
+ */
+void cdp_openssl_clear_errors(void)
+{
+ int i;
+ char err[256];
+ while((i = ERR_get_error())) {
+ ERR_error_string(i, err);
+ LM_INFO("clearing leftover error before SSL_* calls: %s\n", err);
+ }
+}
+
SSL *init_ssl_conn(int client_fd, SSL_CTX *ctx)
{
X509 *cert = NULL;
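Review bot: `int i` in cdp_openssl_clear_errors narrows the `unsigned long` returned by ERR_get_error(), and the narrowed value is then widened again when it is passed to ERR_error_string(), which also takes `unsigned long`; a code with the top bit set (OpenSSL 3 marks errno-derived system errors that way, as far as I recall) becomes negative in `i` and is sign-extended on LP64 before it is formatted. Declaring it as `unsigned long i;` matches the API and avoids the conversion. ERR_error_string() requires a buffer of at least 256 bytes, which `err[256]` satisfies only by convention; a comment such as `/* ERR_error_string() requires a buffer of at least 256 bytes */` on the declaration would make that coupling explicit. Logging each drained entry at LM_INFO is a choice worth flagging, since the same function is now called before every SSL_read/SSL_write in receiver.c, so stale errors from a previous call are reported at info level on the data path.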
@@ -184,6 +200,7 @@ SSL *init_ssl_conn(int client_fd, SSL_CTX *ctx)
goto cleanup;
}
/* Perform the TLS handshake */
+ cdp_openssl_clear_errors();
ssl_ret = SSL_connect(ssl);
if(ssl_ret != 1) {
error = SSL_get_error(ssl, ssl_ret);
diff --git a/src/modules/cdp/cdp_tls.h b/src/modules/cdp/cdp_tls.h
index b2e49408b34..a4981fbade9 100644
--- a/src/modules/cdp/cdp_tls.h
+++ b/src/modules/cdp/cdp_tls.h
@@ -67,6 +67,7 @@ static inline int tls_err_ret(char *s, SSL_CTX *ctx)
} while(0)
int tls_parse_method(str *method);
+void cdp_openssl_clear_errors(void);
void init_ssl_methods(void);
SSL_CTX *init_ssl_ctx(int method);
SSL *init_ssl_conn(int client_fd, SSL_CTX *ctx);
diff --git a/src/modules/cdp/receiver.c b/src/modules/cdp/receiver.c
index ceee98127f6..223d14dd403 100644
--- a/src/modules/cdp/receiver.c
+++ b/src/modules/cdp/receiver.c
@@ -537,6 +537,7 @@ static inline int do_read(serviced_peer_t *sp, char *dst, int n)
char *err_str;
if(sp->tls_conn) {
+ cdp_openssl_clear_errors();
cnt = SSL_read(sp->tls_conn, dst, n);
if(unlikely(cnt < 0)) {
ssl_err = SSL_get_error(sp->tls_conn, cnt);
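Review bot: With the error queue now cleared before SSL_read, the `cnt < 0` test on the following line still skips SSL_get_error() when SSL_read returns 0, which OpenSSL documents as an unsuccessful read (clean close_notify or an unclean shutdown) to be classified via SSL_get_error(); do_write further down uses `cnt <= 0` for the same situation. If the 0 case is not handled later in do_read, changing the condition to `if(unlikely(cnt <= 0)) {` would keep the two paths consistent and let the freshly cleared queue be read for that case too. do_read begins outside the hunk, so the remainder of its error handling may already cover this.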
@@ -687,6 +688,7 @@ static int do_write(serviced_peer_t *sp, const void *buf, int num)
char *err_str;
if(sp->tls_conn) {
+ cdp_openssl_clear_errors();
cnt = SSL_write(sp->tls_conn, buf, num);
if(unlikely(cnt <= 0)) {
ssl_err = SSL_get_error(sp->tls_conn, cnt);