diff options
author | Leonid Ishimnikov <lishim@fastmail.com> | 2020-08-13 15:37:50 -0400 |
---|---|---|
committer | Rinku Kothiya <rkothiya@redhat.com> | 2020-08-20 13:27:50 +0000 |
commit | 05060c9664153beb392206ae05a498d4d4178f5f (patch) | |
tree | db03f341a928f9cc80b23912efb5d0ea7caf2a44 | |
parent | c5fc58c8cb01753e2fed173c76aea1e9cc333862 (diff) |
glusterd: dump SSL error stack on disconnect
Problem: When a non-SSL connection is attempted on an SSL-enabled
management port, unrelated peers are subsequently disconnected
from the node with a misleading error message.
Cause: A non-SSL client causes OpenSSL to push a wrong version error
into its thread-local error stack, but this error is never
cleared, and it lingers in the stack until the thread is used
by another SSL session, and a certain condition requires the error
stack to be examined, at which time the old error is discovered and
the connection is terminated.
Solution: Log and clear the error stack upon terminating the connection.
Change-Id: I82f3a723285df24dafc88850ae4fca65b69f6ae4
Fixes: #1418
Signed-off-by: Leonid Ishimnikov <lishim@fastmail.com>
(cherry picked from commit bb5801d1480314e09b4203d2525bd01aada5c683)
-rw-r--r-- | rpc/rpc-transport/socket/src/socket.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c index 17002d448ff..5d65fc56de8 100644 --- a/rpc/rpc-transport/socket/src/socket.c +++ b/rpc/rpc-transport/socket/src/socket.c @@ -2950,6 +2950,13 @@ socket_event_handler(int fd, int idx, int gen, void *data, int poll_in, socket_dump_info(sa, priv->is_server, priv->use_ssl, priv->sock, this->name, "disconnecting from"); + /* Dump the SSL error stack to clear any errors that may otherwise + * resurface in the future. + */ + if (priv->use_ssl && priv->ssl_ssl) { + ssl_dump_error_stack(this->name); + } + /* Logging has happened already in earlier cases */ gf_log("transport", ((ret >= 0) ? GF_LOG_INFO : GF_LOG_DEBUG), "EPOLLERR - disconnecting (sock:%d) (%s)", priv->sock, |