io.sockets.secure: call ERR_clear_error before some SSL functions

Apparently you should do this all the time?

https://stackoverflow.com/questions/18179128/how-to-manage-the-error-queue-in-openssl-ssl-get-error-and-err-get-error

diff --git a/basis/io/sockets/secure/openssl/openssl.factor b/basis/io/sockets/secure/openssl/openssl.factor
index 956ea6a1acdbec39331d66d561097338d78e9fee..af8d4ec747925e93cfa91ed2da4bcd2b9cb59f90 100644 (file)
--- a/basis/io/sockets/secure/openssl/openssl.factor
+++ b/basis/io/sockets/secure/openssl/openssl.factor
@@ -344,8 +344,9 @@ PRIVATE>
 
 ! Input ports
 : do-ssl-read ( buffer ssl-handle -- event/f )
-    2dup handle>> swap [ buffer-end ] [ buffer-capacity ] bi SSL_read
-    dup 0 > [ nip swap buffer+ f ] [ check-ssl-error nip ] if ;
+    2dup handle>> swap [ buffer-end ] [ buffer-capacity ] bi
+    ERR_clear_error SSL_read dup 0 >
+    [ nip swap buffer+ f ] [ check-ssl-error nip ] if ;
 
 : throw-if-terminated ( ssl-handle -- ssl-handle )
     dup terminated>> [ premature-close-error ] when ;
@@ -356,8 +357,8 @@ M: ssl-handle refill
 
 ! Output ports
 : do-ssl-write ( buffer ssl-handle -- event/f )
-    2dup handle>> swap [ buffer@ ] [ buffer-length ] bi SSL_write
-    dup 0 > [
+    2dup handle>> swap [ buffer@ ] [ buffer-length ] bi
+    ERR_clear_error SSL_write dup 0 > [
         nip over buffer-consume buffer-empty? f +output+ ?
     ] [ check-ssl-error nip ] if ;
 

diff --git a/basis/io/sockets/secure/unix/unix.factor b/basis/io/sockets/secure/unix/unix.factor
index ef89578e1362c26bc8a11fb411cff17023175070..99e81735c2c7a360c6bf5e3a4c3a7091475656f2 100644 (file)
--- a/basis/io/sockets/secure/unix/unix.factor
+++ b/basis/io/sockets/secure/unix/unix.factor
@@ -29,7 +29,8 @@ M: secure (accept)
     ] with-destructors ;
 
 : (shutdown) ( ssl-handle -- )
-    dup dup handle>> SSL_shutdown check-ssl-error
+    dup dup handle>>
+    ERR_clear_error SSL_shutdown check-ssl-error
     [ dupd wait-for-fd (shutdown) ] [ drop ] if* ;
 
 M: ssl-handle shutdown