On Mon, May 11, 2020 at 11:43:41AM -0700, Alexander Vasarab wrote:

> May 11 11:23:54 vasaconsulting postfix/smtpd[21870]: warning: TLS
> library problem: error:140E0197:SSL routines:SSL_shutdown:shutdown
> while in init:../ssl/ssl_lib.c:2086:

The patch below avoids spurious SSL_ERROR_SSL indications when some database library uses OpenSSL for its connections in a manner that leaves spurious errors on the error queue. [ Tsk, tsk, the OP was not using "proxymap" for his Postgres tables. ] --- src/tls/tls_bio_ops.c +++ src/tls/tls_bio_ops.c @@ -194,6 +194,14 @@ int tls_bio(int fd, int timeout, TLS_SESS_STATE *TLScontext, * handling any pending network I/O. */ for (;;) { + /* + * Flush stale data from SSL error queue. Stale errors can confuse + * SSL_get_error(3). The requirement to flush the error queue before + * each I/O operation is documented. It seems we've been lucky all + * these years. + */ + ERR_clear_error(); + if (hsfunc) status = hsfunc(TLScontext->con); else if (rfunc) -- Viktor.
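
Review bot: the ERR_clear_error() call added at the top of the for (;;) loop in tls_bio() discards whatever is on the error queue without recording it, so entries left behind by another library in the same process vanish with no trace of which component failed to clean up. Consider draining and logging the pending entries at a debug log level before clearing them, so that an operator can still identify the source of the stale errors. The new comment would also age better if it named that source as the message does (a database library using OpenSSL for its own connections) in place of "It seems we've been lucky all these years", which says nothing about why the queue can be non-empty on entry.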