[Libwebsockets] OpenSSL error queue handling issues
ahanins at gmail.com
Thu Jul 11 09:56:35 CEST 2019
On 7/10/19 10:46 PM, Andy Green wrote:
> Thanks for reporting it, but well... that is not what I would call a
> "catastrophe". It does sound like it isn't how it should be though.
It's subjective indeed, but in my world it's a catastrophe when an error
generated by one connection leads to a disconnect of other arbitrary
> The right thing seems to be to change the diagnostic api to use
For diagnostics - yes. But just for you to know - the SSL_get_error()
used from lws_ssl_get_error() does not modify the error queue whereas
ERR_get_error() does remove the earliest error from the queue. Ideally,
each failed OpenSSL API call should be followed by ERR_get_error() to
clear the queue, but that's a slightly bigger change, because all
invocations of OpenSSL API should be inspected. Not all of them push
errors to the queue. Now after we've added (see my PR) hopefully all
missing ERR_clear_error() the libwebsockets is guaranteed to get the
right error code where it really matters but as we don't always clear
the queue after us, some other code in the same thread may not be ready
for such situations. The simplest solution could be to clear the error
queue by ERR_clear_error() right before exiting from libwebsockets entry
points like lws_service_fd(). What do you think about it?
> If you had joined me at
> the grindstone before imagine how much better and further along
> everything would be.
Andy, I truly value your and others work put into libwebsockets which
successfully served our project for years, but I was genuinely surprised
how that error queue handling issue survived for so long.
> I pushed patches on v3.1-stable and master, please take a look.
I've created a pull request for v3.1-stable which adds more
ERR_clear_error() before important calls. Also fixed a few places where
lws_ssl_get_error() was used incorrectly.
>> BR, Andrey
>> Libwebsockets mailing list
>> Libwebsockets at ml.libwebsockets.org
More information about the Libwebsockets