Hello,

I get infrequent hangs with spamdyke 4.3.1 with SSL connections. As far as I can tell the relevant code is not changed in spamdyke 5.x.

Using gdb I can see the following sequence:

spamdyke.c:2676: tls_read() is called (if ((read_result = NETWORK_READ(...))

tls.c:545:  SSL_read() returns -1

tls.c:548: SSL_get_error() returns 1 (SSL_ERROR_SSL)

spamdyke.c:2696: SSL_pending() says there is more data pending

With verbose logging I got:

ERROR: unable to read from SSL/TLS stream: A protocol or library failure occurred, error:140800FF:lib(20):func(128):reason(255)

* One possibility is: according to SSL_shutdown() <https://www.openssl.org/docs/man1.0.2/man3/SSL_shutdown.html> documentation:

"Note that SSL_shutdown() must not be called if a previous fatal error has occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL or SSL_ERROR_SSL."

As I understand it, spamdyke should abandon the connection without further attempts to read/write or anything if SSL_ERROR_SSL occurs.

* Another possibility is some kind of error handling confusion as described in https://github.com/openssl/openssl/issues/7291

"Make sure you call ERR_clear_error() after any errors. If you have stale errors on the error queue SSL_get_error() is going to get confused."

I can't swear by that, but if I'm not mistaken the errors started to appear after the upgrade to openssl 1.0.2r, which contains the fix for CVE-2019-1559 <https://nvd.nist.gov/vuln/detail/CVE-2019-1559>.

Best regards,
Teodor

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users
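The read-loop behaviour the message argues for, as an added example that is not spamdyke's or OpenSSL's code: it simulates the SSL_read()/SSL_get_error()/SSL_pending() sequence with a scripted fake connection (the SSL_ERROR_* values mirror <openssl/ssl.h>; struct fake_conn, tls_read_naive and tls_read_guarded are assumed names) and contrasts a loop that retries on SSL_pending() after a fatal error with one that drops the session, clears the error queue and never reaches SSL_shutdown().

```c
/* Added example, not spamdyke's own code: the read-loop decision logic the
 * message argues for, simulated without linking OpenSSL. SSL_ERROR_* values
 * mirror <openssl/ssl.h>; struct fake_conn replays scripted call results. */
#define SSL_ERROR_NONE        0
#define SSL_ERROR_SSL         1
#define SSL_ERROR_WANT_READ   2
#define SSL_ERROR_WANT_WRITE  3
#define SSL_ERROR_SYSCALL     5
#define SSL_ERROR_ZERO_RETURN 6

enum action { ACT_DATA, ACT_RETRY, ACT_CLOSE_CLEAN, ACT_ABORT };
/* Map the SSL_get_error() code of a failed SSL_read() to the caller's next step. */
enum action classify_ssl_error(int ssl_error)
{
    switch (ssl_error) {
    case SSL_ERROR_NONE:        return ACT_DATA;
    case SSL_ERROR_WANT_READ:
    case SSL_ERROR_WANT_WRITE:  return ACT_RETRY;       /* poll the socket, then retry */
    case SSL_ERROR_ZERO_RETURN: return ACT_CLOSE_CLEAN; /* close_notify seen: SSL_shutdown() allowed */
    default:                    return ACT_ABORT;       /* SSL_ERROR_SSL / SSL_ERROR_SYSCALL: drop it */
    }
}

struct fake_conn {
    int read_result;    /* scripted SSL_read() return value */
    int ssl_error;      /* scripted SSL_get_error() code */
    int pending;        /* scripted SSL_pending() value */
    int error_queue;    /* entries left on the OpenSSL error queue */
    int shutdown_calls; /* times SSL_shutdown() was attempted */
};

/* The pattern in the gdb trace: retry whenever SSL_pending() > 0, ignoring the
 * error class. Returns the retries made; a persistent SSL_ERROR_SSL runs to the cap. */
int tls_read_naive(struct fake_conn *c, int max_retries)
{
    int retries = 0;
    while (retries < max_retries && c->read_result <= 0 && c->pending > 0)
        retries++;   /* SSL_read() keeps failing but data looks "pending": spin */
    return retries;
}

/* Hardened read: a fatal error ends the session at once, clears the error queue
 * (ERR_clear_error() stand-in) and never reaches SSL_shutdown() or SSL_pending(). */
enum action tls_read_guarded(struct fake_conn *c)
{
    enum action a = (c->read_result > 0) ? ACT_DATA : classify_ssl_error(c->ssl_error);
    if (a == ACT_ABORT) { c->error_queue = 0; return a; }
    if (a == ACT_CLOSE_CLEAN) c->shutdown_calls++;   /* only a clean close may shut down */
    return a;
}
```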
