AlinsRan commented on code in PR #11305:
URL: https://github.com/apache/apisix/pull/11305#discussion_r1621081188


##########
apisix/ssl.lua:
##########
@@ -153,6 +159,9 @@ local function aes_decrypt_pkey(origin, field)
     for _, aes_128_cbc_with_iv in ipairs(aes_128_cbc_with_iv_tbl) do
         local decrypted = aes_128_cbc_with_iv:decrypt(decoded_key)
         if decrypted then
+            if C.ERR_peek_error() then
+                C.ERR_clear_error()
+            end
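
Review bot: the guard `if C.ERR_peek_error() then` on the first added line is always true in Lua, because only `nil` and `false` are falsy and the FFI call returns an integer value (0 when the queue is empty), so the `if` adds nothing. Either compare explicitly with `~= 0` or drop the check and call `C.ERR_clear_error()` unconditionally; a single call empties the whole error queue, however many entries the decrypt attempts in this loop left behind. A short comment stating why the queue is cleared on the success path would also help the next reader.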

Review Comment:
In a single call, it may generate multiple openssl errors, and we should not be responsible for handling errors thrown by the library. Instead, we should ensure that no matter how many errors it generates, it should not affect normal requests.

There are primarily two scenarios:

1. For successful decryption (normal request): We do not need to care about the contents of the error queue; the error queue must be cleared.
2. For total decryption failure (failed request): In fact, nginx will clear the error queue before the handshake, so we don't need to handle it additionally.


