mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-10 09:07:02 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: log message non thread safe in SSL Hanshake failure

Browse Source 
It was reported in issue #2181, strange behavior during the new SSL
hanshake failure logs.

Errors were logged with the code 0, which is unknown to OpenSSL.

This patch mades 2 changes:

- It stops using ERR_error_string() when the SSL error code is 0
- It uses ERR_error_string_n() to be thread-safe

Must be backported to 2.8.
This commit is contained in:
William Lallemand 2023-06-12 16:23:29 +02:00
parent 28d17e26b8
commit 0c9ff0cde4
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/session.c
View File

@ -367,11 +367,13 @@ static void session_build_err_string(struct session *sess)
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
ssl_ctx = conn_get_ssl_sock_ctx(conn); ssl_ctx = conn_get_ssl_sock_ctx(conn);
/* when the SSL error code is present and during a SSL Handshake failure,
if (conn->err_code == CO_ER_SSL_HANDSHAKE && ssl_ctx) { * try to dump the error string from OpenSSL */
const char *err_ssl_str = ERR_error_string(ssl_ctx->error_code, NULL); if (conn->err_code == CO_ER_SSL_HANDSHAKE && ssl_ctx && ssl_ctx->error_code != 0) {
chunk_appendf(&trash, ": SSL handshake failure (");
chunk_appendf(&trash, ": SSL handshake failure (%s)\n", err_ssl_str); ERR_error_string_n(ssl_ctx->error_code, b_orig(&trash)+b_data(&trash), b_room(&trash));
trash.data = strlen(b_orig(&trash));
chunk_appendf(&trash, ")\n");
} }
else else