vapier 14/04/13 17:07:17 Added: openssl-1.0.2-free-list-fix.patch Log: Enable OPENSSL_NO_BUF_FREELISTS in our builds. (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key D2E96200)
Revision Changes Path 1.1 dev-libs/openssl/files/openssl-1.0.2-free-list-fix.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/files/openssl-1.0.2-free-list-fix.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/files/openssl-1.0.2-free-list-fix.patch?rev=1.1&content-type=text/plain Index: openssl-1.0.2-free-list-fix.patch =================================================================== >From 4a56fe7c2bebc029cee4ad1445c440f66ed038bc Mon Sep 17 00:00:00 2001 From: Aleksey Samsonov <[email protected]> Date: Mon, 17 Feb 2014 06:08:26 +0400 Subject: [PATCH] Don't release read buffer if read-ahead left Fix error: SSL_read() failed (SSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac) More information to reproduce: http://trac.nginx.org/nginx/ticket/215 http://mailman.nginx.org/pipermail/nginx-devel/2013-October/004385.html --- ssl/s3_pkt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index b9e45c7..30b74c2 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1335,7 +1335,8 @@ start: s->rstate=SSL_ST_READ_HEADER; rr->off=0; if (s->mode & SSL_MODE_RELEASE_BUFFERS) - ssl3_release_read_buffer(s); + if (s->s3->rbuf.left == 0) /* no read-ahead left? */ + ssl3_release_read_buffer(s); } } return(n); -- 1.8.4
