SSL: Fix SSL_get_error get the error of other coroutine. v5.0.155, v6.0.46 (#3513)

---------

Co-authored-by: john <hondaxiao@tencent.com>
Co-authored-by: winlin <winlin@vip.126.com>

trunk/src/app/srs_app_conn.cpp

@@ -798,7 +798,7 @@ srs_error_t SrsSslConnection::handshake(string key_file, string crt_file)
             return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_write r0=%d, data=%p, size=%d", r0, buf, nn);
         }
 
-        r0 = SSL_do_handshake(ssl); r1 = SSL_get_error(ssl, r0);
+        r0 = SSL_do_handshake(ssl); r1 = SSL_get_error(ssl, r0); ERR_clear_error();
         if (r0 != -1 || r1 != SSL_ERROR_WANT_READ) {
             return srs_error_new(ERROR_HTTPS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
         }
@@ -840,7 +840,7 @@ srs_error_t SrsSslConnection::handshake(string key_file, string crt_file)
             return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_write r0=%d, data=%p, size=%d", r0, buf, nn);
         }
 
-        r0 = SSL_do_handshake(ssl); r1 = SSL_get_error(ssl, r0);
+        r0 = SSL_do_handshake(ssl); r1 = SSL_get_error(ssl, r0); ERR_clear_error();
         if (r0 == 1 && r1 == SSL_ERROR_NONE) {
             break;
         }
@@ -908,7 +908,7 @@ srs_error_t SrsSslConnection::read(void* plaintext, size_t nn_plaintext, ssize_t
     srs_error_t err = srs_success;
 
     while (true) {
-        int r0 = SSL_read(ssl, plaintext, nn_plaintext); int r1 = SSL_get_error(ssl, r0);
+        int r0 = SSL_read(ssl, plaintext, nn_plaintext); int r1 = SSL_get_error(ssl, r0); ERR_clear_error();
         int r2 = BIO_ctrl_pending(bio_in); int r3 = SSL_is_init_finished(ssl);
 
         // OK, got data.
@@ -966,7 +966,7 @@ srs_error_t SrsSslConnection::write(void* plaintext, size_t nn_plaintext, ssize_
     for (char* p = (char*)plaintext; p < (char*)plaintext + nn_plaintext;) {
         int left = (int)nn_plaintext - (p - (char*)plaintext);
         int r0 = SSL_write(ssl, (const void*)p, left);
-        int r1 = SSL_get_error(ssl, r0);
+        int r1 = SSL_get_error(ssl, r0); ERR_clear_error();
         if (r0 <= 0) {
             return srs_error_new(ERROR_HTTPS_WRITE, "https: write data=%p, size=%d, r0=%d, r1=%d", p, left, r0, r1);
         }

trunk/src/app/srs_app_conn.hpp

@@ -14,6 +14,7 @@
 #include <map>
 
 #include <openssl/ssl.h>
+#include <openssl/err.h>
 
 #include <srs_app_st.hpp>
 #include <srs_protocol_kbps.hpp>

trunk/src/app/srs_app_rtc_dtls.cpp

@@ -77,7 +77,7 @@ void ssl_on_info(const SSL* dtls, int where, int ret)
         method = "undefined";
     }
 
-    int r1 = SSL_get_error(dtls, ret);
+    int r1 = SSL_get_error(dtls, ret); ERR_clear_error();
     if (where & SSL_CB_LOOP) {
         srs_info("DTLS: method=%s state=%s(%s), where=%d, ret=%d, r1=%d", method, SSL_state_string(dtls),
             SSL_state_string_long(dtls), where, ret, r1);
@@ -528,7 +528,7 @@ srs_error_t SrsDtlsImpl::do_on_dtls(char* data, int nb_data)
     for (int i = 0; i < 1024 && BIO_ctrl_pending(bio_in) > 0; i++) {
         char buf[8092];
         int r0 = SSL_read(dtls, buf, sizeof(buf));
-        int r1 = SSL_get_error(dtls, r0);
+        int r1 = SSL_get_error(dtls, r0); ERR_clear_error();
 
         if (r0 <= 0) {
             // SSL_ERROR_ZERO_RETURN
@@ -580,7 +580,7 @@ srs_error_t SrsDtlsImpl::do_handshake()
 
     // Do handshake and get the result.
     int r0 = SSL_do_handshake(dtls);
-    int r1 = SSL_get_error(dtls, r0);
+    int r1 = SSL_get_error(dtls, r0); ERR_clear_error();
 
     // Fatal SSL error, for example, no available suite when peer is DTLS 1.0 while we are DTLS 1.2.
     if (r0 < 0 && (r1 != SSL_ERROR_NONE && r1 != SSL_ERROR_WANT_READ && r1 != SSL_ERROR_WANT_WRITE)) {
@@ -864,7 +864,7 @@ srs_error_t SrsDtlsClientImpl::cycle()
         }
 
         // The timeout is 0, so there must be a ARQ packet to transmit in openssl.
-        r0 = BIO_reset(bio_out); int r1 = SSL_get_error(dtls, r0);
+        r0 = BIO_reset(bio_out); int r1 = SSL_get_error(dtls, r0); ERR_clear_error();
         if (r0 != 1) {
             return srs_error_new(ERROR_OpenSslBIOReset, "BIO_reset r0=%d, r1=%d", r0, r1);
         }
@@ -873,7 +873,7 @@ srs_error_t SrsDtlsClientImpl::cycle()
         // had expired, it returns 0. Otherwise, it retransmits the previous flight of handshake
         // messages and returns 1. If too many timeouts had expired without progress or an error
         // occurs, it returns -1.
-        r0 = DTLSv1_handle_timeout(dtls); r1 = SSL_get_error(dtls, r0);
+        r0 = DTLSv1_handle_timeout(dtls); r1 = SSL_get_error(dtls, r0); ERR_clear_error();
         if (r0 == 0) {
             continue; // No timeout had expired.
         }

trunk/src/core/srs_core_version5.hpp

@@ -9,6 +9,6 @@
 
 #define VERSION_MAJOR       5
 #define VERSION_MINOR       0
-#define VERSION_REVISION    154
+#define VERSION_REVISION    155
 
 #endif

trunk/src/core/srs_core_version6.hpp

@@ -9,6 +9,6 @@
 
 #define VERSION_MAJOR       6
 #define VERSION_MINOR       0
-#define VERSION_REVISION    45
+#define VERSION_REVISION    46
 
 #endif

trunk/src/protocol/srs_protocol_http_client.cpp

@@ -90,7 +90,7 @@ srs_error_t SrsSslClient::handshake()
     SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE);
 
     // Send ClientHello.
-    int r0 = SSL_do_handshake(ssl); int r1 = SSL_get_error(ssl, r0);
+    int r0 = SSL_do_handshake(ssl); int r1 = SSL_get_error(ssl, r0); ERR_clear_error();
     if (r0 != -1 || r1 != SSL_ERROR_WANT_READ) {
         return srs_error_new(ERROR_HTTPS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
     }
@@ -121,7 +121,8 @@ srs_error_t SrsSslClient::handshake()
             return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_write r0=%d, data=%p, size=%d", r0, buf, nn);
         }
 
-        if ((r0 = SSL_do_handshake(ssl)) != -1 || (r1 = SSL_get_error(ssl, r0)) != SSL_ERROR_WANT_READ) {
+        r0 = SSL_do_handshake(ssl); r1 = SSL_get_error(ssl, r0); ERR_clear_error();
+        if (r0 != -1 || r1 != SSL_ERROR_WANT_READ) {
             return srs_error_new(ERROR_HTTPS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
         }
 
@@ -159,7 +160,7 @@ srs_error_t SrsSslClient::handshake()
             return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_write r0=%d, data=%p, size=%d", r0, buf, nn);
         }
 
-        r0 = SSL_do_handshake(ssl); r1 = SSL_get_error(ssl, r0);
+        r0 = SSL_do_handshake(ssl); r1 = SSL_get_error(ssl, r0); ERR_clear_error();
         if (r0 == 1 && r1 == SSL_ERROR_NONE) {
             break;
         }
@@ -180,7 +181,7 @@ srs_error_t SrsSslClient::read(void* plaintext, size_t nn_plaintext, ssize_t* nr
     srs_error_t err = srs_success;
 
     while (true) {
-        int r0 = SSL_read(ssl, plaintext, nn_plaintext); int r1 = SSL_get_error(ssl, r0);
+        int r0 = SSL_read(ssl, plaintext, nn_plaintext); int r1 = SSL_get_error(ssl, r0); ERR_clear_error();
         int r2 = BIO_ctrl_pending(bio_in); int r3 = SSL_is_init_finished(ssl);
 
         // OK, got data.
@@ -228,7 +229,7 @@ srs_error_t SrsSslClient::write(void* plaintext, size_t nn_plaintext, ssize_t* n
     for (char* p = (char*)plaintext; p < (char*)plaintext + nn_plaintext;) {
         int left = (int)nn_plaintext - (p - (char*)plaintext);
         int r0 = SSL_write(ssl, (const void*)p, left);
-        int r1 = SSL_get_error(ssl, r0);
+        int r1 = SSL_get_error(ssl, r0); ERR_clear_error();
         if (r0 <= 0) {
             return srs_error_new(ERROR_HTTPS_WRITE, "https: write data=%p, size=%d, r0=%d, r1=%d", p, left, r0, r1);
         }

trunk/src/protocol/srs_protocol_http_client.hpp

@@ -13,6 +13,7 @@
 #include <map>
 
 #include <openssl/ssl.h>
+#include <openssl/err.h>
 
 #include <srs_protocol_st.hpp>
 #include <srs_protocol_http_stack.hpp>