Sophie: lighttpd-1.4.19-4mdv2009.0 src

lighttpd-1.4.19-4mdv2009.0.src.rpm

diff -r ade3eead0e8d -r 82c24356bcd0 NEWS
--- a/NEWS	Fri Mar 28 16:30:14 2008 +0100
+++ b/NEWS	Fri Mar 28 17:45:28 2008 +0100
@@ -8,6 +8,7 @@
   * added support for If-Range: <date> (#1346)
   * added support for matching $HTTP["scheme"] in configs
   * fixed initgroups() called after chroot (#1384)
+  * Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls
   * fixed case-sensitive check for Auth-Method (#1456)
   * execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428)
   * fixed a bug that made /-prefixed extensions being handled also when
diff -r ade3eead0e8d -r 82c24356bcd0 src/connections.c
--- a/src/connections.c	Fri Mar 28 16:30:14 2008 +0100
+++ b/src/connections.c	Fri Mar 28 17:45:28 2008 +0100
@@ -199,6 +199,7 @@
 
 	/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
 
+	ERR_clear_error();
 	do {
 		if (!con->ssl_error_want_reuse_buffer) {
 			b = buffer_init();
@@ -1668,21 +1669,51 @@
 			}
 #ifdef USE_OPENSSL
 			if (srv_sock->is_ssl) {
-				int ret;
+				int ret, ssl_r;
+				unsigned long err;
+				ERR_clear_error();
 				switch ((ret = SSL_shutdown(con->ssl))) {
 				case 1:
 					/* ok */
 					break;
 				case 0:
-					SSL_shutdown(con->ssl);
-					break;
+					ERR_clear_error();
+					if (-1 != (ret = SSL_shutdown(con->ssl))) break;
+
+					/* fall through */
 				default:
-					log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-							SSL_get_error(con->ssl, ret),
-							ERR_error_string(ERR_get_error(), NULL));
-					return -1;
+
+					switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
+					case SSL_ERROR_WANT_WRITE:
+					case SSL_ERROR_WANT_READ:
+						break;
+					case SSL_ERROR_SYSCALL:
+						/* perhaps we have error waiting in our error-queue */
+						if (0 != (err = ERR_get_error())) {
+							do {
+								log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+										ssl_r, ret,
+										ERR_error_string(err, NULL));
+							} while((err = ERR_get_error()));
+						} else {
+							log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
+									ssl_r, ret, errno,
+									strerror(errno));
+						}
+	
+						break;
+					default:
+						while((err = ERR_get_error())) {
+							log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
+									ssl_r, ret,
+									ERR_error_string(err, NULL));
+						}
+	
+						break;
+					}
 				}
 			}
+			ERR_clear_error();
 #endif
 
 			switch(con->mode) {
diff -r ade3eead0e8d -r 82c24356bcd0 src/network_openssl.c
--- a/src/network_openssl.c	Fri Mar 28 16:30:14 2008 +0100
+++ b/src/network_openssl.c	Fri Mar 28 17:45:28 2008 +0100
@@ -85,6 +85,7 @@
 			 *
 			 */
 
+			ERR_clear_error();
 			if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
 				unsigned long err;
 
@@ -187,6 +188,7 @@
 
 				close(ifd);
 
+				ERR_clear_error();
 				if ((r = SSL_write(ssl, s, toSend)) <= 0) {
 					unsigned long err;