diff options
authorLeonid Ishimnikov <>2020-08-13 15:37:50 -0400
committerLeonid Ishimnikov <>2020-08-13 15:38:10 -0400
commitbb5801d1480314e09b4203d2525bd01aada5c683 (patch)
parentc43fd499e3464894c986be3c792d53ef35f2002d (diff)
glusterd: dump SSL error stack on disconnect
Problem: When a non-SSL connection is attempted on an SSL-enabled management port, unrelated peers are subsequently disconnected from the node with a misleading error message. Cause: A non-SSL client causes OpenSSL to push a wrong version error into its thread-local error stack, but this error is never cleared, and it lingers in the stack until the thread is used by another SSL session, and a certain condition requires the error stack to be examined, at which time the old error is discovered and the connection is terminated. Solution: Log and clear the error stack upon terminating the connection. Change-Id: I82f3a723285df24dafc88850ae4fca65b69f6ae4 Fixes: #1418 Signed-off-by: Leonid Ishimnikov <>
1 files changed, 7 insertions, 0 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index 65a41d93493..ed8b473be23 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -2950,6 +2950,13 @@ socket_event_handler(int fd, int idx, int gen, void *data, int poll_in,
socket_dump_info(sa, priv->is_server, priv->use_ssl, priv->sock,
this->name, "disconnecting from");
+ /* Dump the SSL error stack to clear any errors that may otherwise
+ * resurface in the future.
+ */
+ if (priv->use_ssl && priv->ssl_ssl) {
+ ssl_dump_error_stack(this->name);
+ }
/* Logging has happened already in earlier cases */
gf_log("transport", ((ret >= 0) ? GF_LOG_INFO : GF_LOG_DEBUG),
"EPOLLERR - disconnecting (sock:%d) (%s)", priv->sock,