minfrin commented on code in PR #9:
URL: https://github.com/apache/serf/pull/9#discussion_r2211562355
##########
buckets/ssl_buckets.c:
##########
@@ -353,10 +357,17 @@ detect_renegotiate(const SSL *s, int where, int ret)
static void log_ssl_error(serf_ssl_context_t *ctx)
{
- unsigned long e = ERR_get_error();
- serf__log(LOGLVL_ERROR, LOGCOMP_SSL, __FILE__, ctx->config,
- "SSL Error: %s\n", ERR_error_string(e, NULL));
+ unsigned long err;
+
+ while ((err = ERR_get_error())) {
+
+ if (err && ctx->error_callback) {
+ char ebuf[256];
+ ERR_error_string_n(err, ebuf, sizeof(ebuf));
+ ctx->error_callback(ctx->error_baton, ctx->fatal_err, ebuf);
Review Comment:
> Is it really necessary to use an internal char array and calling
ERR_error_string_n to copy the error message to this buffer. The error_callback
must copy the message to an application internal buffer anyway. Wouldn't it be
enough to:
>
> char *ebuf = ERR_error_string(err, NULL);
ctx->error_callback(ctx->error_baton, ctx->fatal_err, ebuff);
Alas not.
ERR_error_string() uses an openssl-internal buffer that is overwritten on
each call, and is not thread safe. ERR_error_string_n() fixed this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
