From: Dietmar Maurer Date: Fri, 20 Jan 2017 17:15:21 +0000 (+0100) Subject: call Net::SSLeay::ERR_clear_error() after auth_handler X-Git-Url: https://git.proxmox.com/?p=pve-http-server.git;a=commitdiff_plain;h=6389088689d751b15e1c880097227729bf1b2079 call Net::SSLeay::ERR_clear_error() after auth_handler Some auth_handlers use Crypt::OpenSSL::RSA, which seems to set the openssl error variable. We need to clear that here, else AnyEvent::TLS aborts the connection. --- diff --git a/PVE/APIServer/AnyEvent.pm b/PVE/APIServer/AnyEvent.pm index 6e7d4ad..06d2e81 100755 --- a/PVE/APIServer/AnyEvent.pm +++ b/PVE/APIServer/AnyEvent.pm @@ -1184,6 +1184,11 @@ sub unshift_read_header { $reqstate->{peer_host}); }; if (my $err = $@) { + # HACK!! + # Some auth_handlers use Crypt::OpenSSL::RSA, which seems to set the openssl error + # variable. We need to clear that here, else AnyEvent::TLS aborts the connection. + Net::SSLeay::ERR_clear_error(); + # always delay unauthorized calls by 3 seconds my $delay = 3; if (my $formatter = PVE::APIServer::Formatter::get_login_formatter($format)) { @@ -1197,7 +1202,7 @@ sub unshift_read_header { $resp->header("Content-Type" => $ct); $resp->content($raw); } - $self->response($reqstate, $resp, undef, $nocomp, 3); + $self->response($reqstate, $resp, undef, $nocomp, $delay); } else { my $resp = HTTP::Response->new(HTTP_UNAUTHORIZED, $err); $self->response($reqstate, $resp, undef, 0, $delay);