Fix SSL queue handling based on an upstream patch. PKGREVISION++

fhajny · fhajny · commit 484e8d9db996 · 2015-02-20T09:32:07.000Z
bumptech/stud#130
diff --git a/security/stud/Makefile b/security/stud/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2014/09/23 14:26:35 fhajny Exp $
+# $NetBSD: Makefile,v 1.4 2015/02/20 09:32:07 fhajny Exp $
 #
 
 PKGNAME=	stud-0.3p53
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	security
 MAINTAINER=	jym@NetBSD.org
 HOMEPAGE=	http://github.com/bumptech/stud
diff --git a/security/stud/distinfo b/security/stud/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.1 2013/03/16 19:41:35 jym Exp $
+$NetBSD: distinfo,v 1.2 2015/02/20 09:32:07 fhajny Exp $
 
 SHA1 (bumptech-stud-0.3-51-g0b88039.tar.gz) = fad22d9cf008b7db8f30d8d7ca0a6fcc177714de
 RMD160 (bumptech-stud-0.3-51-g0b88039.tar.gz) = 66a186e1095fd127945802ab681f5948ee1d4011
 Size (bumptech-stud-0.3-51-g0b88039.tar.gz) = 41000 bytes
 SHA1 (patch-Makefile) = c0794c6ebb3bdc3d55b473acec674a9f98b03ffb
 SHA1 (patch-configuration.c) = 886226a104f84bac6902bb8a8593d37a25653563
 SHA1 (patch-stud.8) = a6b36ab6ac8c65cbc70172a9c230b22965cbdc3d
-SHA1 (patch-stud.c) = 9b11693619291925376f35f1443bbec83a1d798b
+SHA1 (patch-stud.c) = aae56a212de51dfec4c31a9f4318818a79a51dfd
diff --git a/security/stud/patches/patch-stud.c b/security/stud/patches/patch-stud.c
@@ -1,7 +1,9 @@
-$NetBSD: patch-stud.c,v 1.1 2013/03/16 19:41:36 jym Exp $
+$NetBSD: patch-stud.c,v 1.2 2015/02/20 09:32:07 fhajny Exp $
 
 SunOS fixes as per https://github.com/bumptech/stud/pull/71.
---- stud.c.orig	2012-08-15 10:33:39.000000000 +0000
+SSL fixes as per https://github.com/bumptech/stud/pull/130.
+
+--- stud.c.orig	2012-08-10 23:40:19.000000000 +0000
 +++ stud.c
 @@ -189,9 +189,17 @@ typedef struct proxystate {
  
@@ -35,7 +37,38 @@ SunOS fixes as per https://github.com/bumptech/stud/pull/71.
      if(setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &optval, optlen) < 0) {
          ERR("Error setting TCP_KEEPIDLE on client socket: %s", strerror(errno));
      }
-@@ -1751,24 +1759,16 @@ void daemonize () {
+@@ -889,6 +897,13 @@ static void shutdown_proxy(proxystate *p
+         close(ps->fd_up);
+         close(ps->fd_down);
+ 
++        // Clear the SSL error queue - it might contain details
++        // of errors that we haven't consumed for whatever reason.
++        // If we don't, future calls to SSL_get_error will lead to 
++        // weird/confusing results that can throw off the handling
++        // of normal conditions like SSL_ERROR_WANT_READ.
++        ERR_clear_error();
++
+         SSL_set_shutdown(ps->ssl, SSL_SENT_SHUTDOWN);
+         SSL_free(ps->ssl);
+ 
+@@ -1197,7 +1212,15 @@ static void client_handshake(struct ev_l
+             shutdown_proxy(ps, SHUTDOWN_SSL);
+         }
+         else {
+-            LOG("{%s} Unexpected SSL error (in handshake): %d\n", w->fd == ps->fd_up ? "client" : "backend", err);
++
++            // Try and get more detail on the error from the SSL
++            // error queue. ERR_error_string requires a char buffer
++            // of 120 bytes.
++            unsigned long err_detail = ERR_get_error();
++            char err_msg[120];
++            ERR_error_string(err_detail, err_msg);
++
++            LOG("{client} Unexpected SSL error (in handshake): %d, %s\n", err, err_msg);
+             shutdown_proxy(ps, SHUTDOWN_SSL);
+         }
+     }
+@@ -1751,24 +1774,16 @@ void daemonize () {
          exit(0);
      }
  
