Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2136 152afb58-edef-0310-8abb-c4023f1b3aa9

NEWS

@@ -8,6 +8,7 @@ NEWS
   * Fix mod_compress to compile with old gcc version (#1592)
   * Fix mod_extforward to compile with old gcc version (#1591)
   * Update documentation for #1587
+  * Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls
 
 - 1.4.19 - 2008-03-10
 

src/connections.c

@@ -199,6 +199,7 @@ static int connection_handle_read_ssl(server *srv, connection *con) {
 
 	/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
 
+	ERR_clear_error();
 	do {
 		if (!con->ssl_error_want_reuse_buffer) {
 			b = buffer_init();
@@ -1669,13 +1670,16 @@ int connection_state_machine(server *srv, connection *con) {
 #ifdef USE_OPENSSL
 			if (srv_sock->is_ssl) {
 				int ret;
+				ERR_clear_error();
 				switch ((ret = SSL_shutdown(con->ssl))) {
 				case 1:
 					/* ok */
 					break;
 				case 0:
-					SSL_shutdown(con->ssl);
-					break;
+					ERR_clear_error();
+					if ((ret = SSL_shutdown(con->ssl)) == 1) break;
+
+					// fall through
 				default:
 					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
 							SSL_get_error(con->ssl, ret),

src/network_openssl.c

@@ -85,6 +85,7 @@ int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chu
 			 *
 			 */
 
+			ERR_clear_error();
 			if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
 				unsigned long err;
 
@@ -187,6 +188,7 @@ int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chu
 
 				close(ifd);
 
+				ERR_clear_error();
 				if ((r = SSL_write(ssl, s, toSend)) <= 0) {
 					unsigned long err;