diff options
author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2020-03-26 23:20:08 -0300 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2020-03-29 18:46:51 +0200 |
commit | eea3a9625cc90f4fcd19e693dc2b4d5f9009dad2 (patch) | |
tree | 0f5145137cd7c9b925efe2a541a64c61c0fc5ab6 /package/system | |
parent | c6c3f6bb0a5bb1af91bd7a0237a0e54e12c8f29c (diff) | |
download | upstream-eea3a9625cc90f4fcd19e693dc2b4d5f9009dad2.tar.gz upstream-eea3a9625cc90f4fcd19e693dc2b4d5f9009dad2.tar.bz2 upstream-eea3a9625cc90f4fcd19e693dc2b4d5f9009dad2.zip |
openssl: revert EOF detection change in 1.1.1
This adds patches to avoid possible application breakage caused by a
change in behavior introduced in 1.1.1e. It affects at least nginx,
which logs error messages such as:
nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error:
4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while
keepalive, client: xxxx, server: [::]:443
Openssl commits db943f4 (Detect EOF while reading in libssl), and
22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the
behavior when encountering an EOF in SSL_read(). Previous behavior was
to return SSL_ERROR_SYSCALL, but errno would still be 0. The commits
being reverted changed it to SSL_ERRO_SSL, and add an error to the
stack, which is correct. Unfortunately this affects a number of
applications that counted on the old behavior, including nginx.
The reversion was discussed in openssl/openssl#11378, and implemented as
PR openssl/openssl#11400.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 2e8a4db9b6b942e3180afda0dc0fd8ac506527f1)
Diffstat (limited to 'package/system')
0 files changed, 0 insertions, 0 deletions