summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorYu Watanabe <watanabe.yu+github@gmail.com>2018-08-03 06:26:58 +0900
committerYu Watanabe <watanabe.yu+github@gmail.com>2018-08-03 06:26:58 +0900
commit59c3fee2c760ebd4dacb3db2cddf7fea4220d506 (patch)
treef3e7c2c4a31adbc232409dfe890a62a19ece901b /src
parent27d4866ad8dcbe95cfc4d59357c65c559737c1ae (diff)
downloadsystemd-59c3fee2c760ebd4dacb3db2cddf7fea4220d506.tar.gz
resolve: clear error queue before calling SSL_*()
Diffstat (limited to 'src')
-rw-r--r--src/resolve/resolved-dnstls-openssl.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c
index 5dd7737337..92a171f565 100644
--- a/src/resolve/resolved-dnstls-openssl.c
+++ b/src/resolve/resolved-dnstls-openssl.c
@@ -73,6 +73,7 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
SSL_set_session(s, server->dnstls_data.session);
SSL_set_bio(s, TAKE_PTR(rb), TAKE_PTR(wb));
+ ERR_clear_error();
stream->dnstls_data.handshake = SSL_do_handshake(s);
if (stream->dnstls_data.handshake <= 0) {
error = SSL_get_error(s, stream->dnstls_data.handshake);
@@ -120,6 +121,7 @@ int dnstls_stream_on_io(DnsStream *stream, uint32_t revents) {
}
if (stream->dnstls_data.shutdown) {
+ ERR_clear_error();
r = SSL_shutdown(stream->dnstls_data.ssl);
if (r <= 0) {
error = SSL_get_error(stream->dnstls_data.ssl, r);
@@ -149,6 +151,7 @@ int dnstls_stream_on_io(DnsStream *stream, uint32_t revents) {
dns_stream_unref(stream);
return DNSTLS_STREAM_CLOSED;
} else if (stream->dnstls_data.handshake <= 0) {
+ ERR_clear_error();
stream->dnstls_data.handshake = SSL_do_handshake(stream->dnstls_data.ssl);
if (stream->dnstls_data.handshake <= 0) {
error = SSL_get_error(stream->dnstls_data.ssl, stream->dnstls_data.handshake);
@@ -197,6 +200,7 @@ int dnstls_stream_shutdown(DnsStream *stream, int error) {
}
if (error == ETIMEDOUT) {
+ ERR_clear_error();
r = SSL_shutdown(stream->dnstls_data.ssl);
if (r == 0) {
if (!stream->dnstls_data.shutdown) {
@@ -249,6 +253,7 @@ ssize_t dnstls_stream_write(DnsStream *stream, const char *buf, size_t count) {
assert(stream->dnstls_data.ssl);
assert(buf);
+ ERR_clear_error();
ss = r = SSL_write(stream->dnstls_data.ssl, buf, count);
if (r <= 0) {
error = SSL_get_error(stream->dnstls_data.ssl, ss);
@@ -286,6 +291,7 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count) {
assert(stream->dnstls_data.ssl);
assert(buf);
+ ERR_clear_error();
ss = r = SSL_read(stream->dnstls_data.ssl, buf, count);
if (r <= 0) {
error = SSL_get_error(stream->dnstls_data.ssl, ss);