* backport r32658 from trunk.

* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Avoid randomly generated
  SSLError from SSLSocket just after invoking SSLSocket#close.
  OpenSSL's SSL_shutdown could try to send alert packet and it might
  set SSLerr(global error stack) as the result. It causes the next
  SSL read/write operation to fail by unrelated reason.

  By design, we're ignoring any error at SSL_shutdown() so we clear
  global error stack after SSL_shutdown is called. See #5039.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@32660 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2 files changed, 15 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index e9e87338b4..4bc97f8259 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+Mon Jul 25 13:35:20 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>
+
+	* backport r32658 from trunk.
+
+	* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Avoid randomly generated 
+	  SSLError from SSLSocket just after invoking SSLSocket#close. 
+	  OpenSSL's SSL_shutdown could try to send alert packet and it might 
+	  set SSLerr(global error stack) as the result. It causes the next
+	  SSL read/write operation to fail by unrelated reason.
+
+	  By design, we're ignoring any error at SSL_shutdown() so we clear 
+	  global error stack after SSL_shutdown is called. See #5039.
+
 Sun Jul 24 20:29:53 2011  Tanaka Akira  <akr@fsij.org>
 
 	* ext/socket/extconf.rb: refine the recvmsg test.
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 4d878797d4..ed820cd431 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -983,7 +983,8 @@ ossl_ssl_shutdown(SSL *ssl)
 	    if (rc = SSL_shutdown(ssl))
 		break;
 	}
-        SSL_clear(ssl);
+	ERR_clear_error();
+	SSL_clear(ssl);
     }
 }