Just to add some more context related to this - IIRC, the patch proposed below (to clear the error queue only when an error occurred) was actually how this fix was implemented when it was first added (sometime during 5.3?) However, I think it was still resulting in some unexplained handshake/connect failures (which turned out to be not exactly connect failures, but were being marked so, due to stale error queue). And that was when the fix was changed to clear the error queue *before* calling connect.
All of this being a few years and releases ago, may no longer be the case and assuming the reordering of the clear queue tests good with no handshake failures or other side affects, this fix sounds fine. - Sudheer I agree this needs to be tested > On Sep 26, 2017, at 7:51 AM, Leif Hedstrom <[email protected]> wrote: > > >> On Sep 21, 2017, at 8:55 PM, [email protected] wrote: >> >> With the patch, the ERR_clear_error() will only be called when the error >> occurs. In the normal situation, ERR_clear_error() will not be called, so >> the Err_get_state() will not be called and no lock contention in openssl >> 1.0.1 with the patch. >> >> >> ----- 原始邮件 ----- >> 发件人:Bryan Call <[email protected]> >> 收件人:[email protected] >> 抄送人:users <[email protected]> >> 主题:Re: Openssl 1.1.0f Support >> 日期:2017年09月21日 23点37分 >> >> This only changes the order of the calls. There is still going to be lock >> contention inside OpenSSL 1.0.1. >> >> -Bryan > > > I think this makes a lot of sense (but I haven’t tested it). Did you make a > PR for this on Github? > > Cheers, > > — leif >
