[Backport to v9.18] TLS: clear error queue before doing IO or calling SSL_get_error()

Ensure that the TLS error queue is empty before calling SSL_get_error() or doing SSL I/O so that the result will not get affected by prior error statuses.

In particular, the improper error handling led to intermittent unit test failure and, thus, could be responsible for some of the system test failures and other intermittent TLS-related issues.

See here for more details:

In particular, it mentions the following:

The current thread's error queue must be empty before the TLS/SSL I/O operation is attempted, or SSL_get_error() will not work reliably.

As we use the result of SSL_get_error() to decide on I/O operations, we need to ensure that it works reliably by cleaning the error queue.

Backport of !6892 (merged).

Edited by Artem Boldariev
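The failure mode described above, as an added example that is not part of the merge request or of BIND's code: a simplified C model of how a stale entry in the thread's error queue turns a harmless "want read" retry into a fatal TLS error. It does not link against OpenSSL; `err_queue`, `q_*`, `model_get_error` and `tls_read_step` are hypothetical names, and the stale error code is a constructed value.

```c
#include <stddef.h>
#include <stdio.h>

/* Values mirror OpenSSL's SSL_ERROR_NONE, SSL_ERROR_SSL, SSL_ERROR_WANT_READ,
 * SSL_ERROR_SYSCALL; the rest of this file is a model, not OpenSSL code. */
enum { M_ERROR_NONE = 0, M_ERROR_SSL = 1, M_ERROR_WANT_READ = 2, M_ERROR_SYSCALL = 5 };

/* Stand-in for the per-thread OpenSSL error queue (assumption: fixed size 8). */
struct err_queue { unsigned long codes[8]; size_t len; };

static void q_push(struct err_queue *q, unsigned long code) {
    if (q->len < 8) q->codes[q->len++] = code;
}
/* Plays the role of ERR_clear_error(). */
static void q_clear(struct err_queue *q) { q->len = 0; }
/* Plays the role of ERR_peek_error(): 0 means the queue is empty. */
static unsigned long q_peek(const struct err_queue *q) {
    return q->len ? q->codes[0] : 0;
}

/* Simplified SSL_get_error(): when the I/O call returned <= 0, any queued
 * error wins over the connection's "want read" retry state. */
static int model_get_error(const struct err_queue *q, int io_ret, int want_read) {
    if (io_ret > 0) return M_ERROR_NONE;
    if (q_peek(q) != 0) return M_ERROR_SSL;
    return want_read ? M_ERROR_WANT_READ : M_ERROR_SYSCALL;
}

/* One non-blocking read on a healthy connection that has no data yet.
 * `stale` is an error left behind by an earlier, unrelated operation on the
 * same thread (0 = none). `clear_first` applies the fix: empty the queue
 * before the I/O call whose result is then classified. */
int tls_read_step(unsigned long stale, int clear_first) {
    struct err_queue q = { {0}, 0 };
    if (stale) q_push(&q, stale);
    if (clear_first) q_clear(&q);
    int io_ret = -1, want_read = 1;   /* simulated SSL_read(): nothing to read yet */
    return model_get_error(&q, io_ret, want_read);
}

int main(void) {
    unsigned long stale = 0x1234UL;   /* constructed sample error code */
    printf("without clear: %d\n", tls_read_step(stale, 0));
    printf("with clear:    %d\n", tls_read_step(stale, 1));
    return 0;
}
```
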