From bb5801d1480314e09b4203d2525bd01aada5c683 Mon Sep 17 00:00:00 2001 From: Leonid Ishimnikov Date: Thu, 13 Aug 2020 15:37:50 -0400 Subject: glusterd: dump SSL error stack on disconnect Problem: When a non-SSL connection is attempted on an SSL-enabled management port, unrelated peers are subsequently disconnected from the node with a misleading error message. Cause: A non-SSL client causes OpenSSL to push a wrong version error into its thread-local error stack, but this error is never cleared, and it lingers in the stack until the thread is used by another SSL session, and a certain condition requires the error stack to be examined, at which time the old error is discovered and the connection is terminated. Solution: Log and clear the error stack upon terminating the connection. Change-Id: I82f3a723285df24dafc88850ae4fca65b69f6ae4 Fixes: #1418 Signed-off-by: Leonid Ishimnikov --- rpc/rpc-transport/socket/src/socket.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'rpc') diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c index 65a41d93493..ed8b473be23 100644 --- a/rpc/rpc-transport/socket/src/socket.c +++ b/rpc/rpc-transport/socket/src/socket.c @@ -2950,6 +2950,13 @@ socket_event_handler(int fd, int idx, int gen, void *data, int poll_in, socket_dump_info(sa, priv->is_server, priv->use_ssl, priv->sock, this->name, "disconnecting from"); + /* Dump the SSL error stack to clear any errors that may otherwise + * resurface in the future. + */ + if (priv->use_ssl && priv->ssl_ssl) { + ssl_dump_error_stack(this->name); + } + /* Logging has happened already in earlier cases */ gf_log("transport", ((ret >= 0) ? GF_LOG_INFO : GF_LOG_DEBUG), "EPOLLERR - disconnecting (sock:%d) (%s)", priv->sock, -- cgit