diff options
author | Leonid Ishimnikov <lishim@fastmail.com> | 2020-08-13 15:37:50 -0400 |
---|---|---|
committer | Leonid Ishimnikov <lishim@fastmail.com> | 2020-08-13 15:38:10 -0400 |
commit | bb5801d1480314e09b4203d2525bd01aada5c683 (patch) | |
tree | 7866d059d02dc83c48987486a467b87637f5f7b2 /rpc | |
parent | c43fd499e3464894c986be3c792d53ef35f2002d (diff) |
glusterd: dump SSL error stack on disconnect
Problem: When a non-SSL connection is attempted on an SSL-enabled
management port, unrelated peers are subsequently disconnected
from the node with a misleading error message.
Cause: A non-SSL client causes OpenSSL to push a wrong version error
into its thread-local error stack, but this error is never
cleared, and it lingers in the stack until the thread is used
by another SSL session, and a certain condition requires the error
stack to be examined, at which time the old error is discovered and
the connection is terminated.
Solution: Log and clear the error stack upon terminating the connection.
Change-Id: I82f3a723285df24dafc88850ae4fca65b69f6ae4
Fixes: #1418
Signed-off-by: Leonid Ishimnikov <lishim@fastmail.com>
Diffstat (limited to 'rpc')
-rw-r--r-- | rpc/rpc-transport/socket/src/socket.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c index 65a41d93493..ed8b473be23 100644 --- a/rpc/rpc-transport/socket/src/socket.c +++ b/rpc/rpc-transport/socket/src/socket.c @@ -2950,6 +2950,13 @@ socket_event_handler(int fd, int idx, int gen, void *data, int poll_in, socket_dump_info(sa, priv->is_server, priv->use_ssl, priv->sock, this->name, "disconnecting from"); + /* Dump the SSL error stack to clear any errors that may otherwise + * resurface in the future. + */ + if (priv->use_ssl && priv->ssl_ssl) { + ssl_dump_error_stack(this->name); + } + /* Logging has happened already in earlier cases */ gf_log("transport", ((ret >= 0) ? GF_LOG_INFO : GF_LOG_DEBUG), "EPOLLERR - disconnecting (sock:%d) (%s)", priv->sock, |