Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Builder curl-ares-solaris11-sparc Build #4333

Results:

Build successful

SourceStamp:

Projectcurl
Repositoryhttps://github.com/curl/curl.git
Branchmaster
Revision8ec241bc990bc88c4f4f7275d81f9fb75b562a7a
Got Revision8ec241bc990bc88c4f4f7275d81f9fb75b562a7a
Changes1 change

BuildSlave:

unstable11s

Reason:

The SingleBranchScheduler scheduler named 'schedule-curl-ares-solaris11-sparc' triggered this build

Steps and Logfiles:

  1. git update ( 6 secs )
    1. stdio
  2. Runtest './tests/testcurl.pl --nogitpull ...' ( 28 mins, 57 secs )
    1. stdio
    2. resultlog
  3. Mail result 'cat resultlog ...' ( 0 secs )
    1. stdio

Build Properties:

NameValueSource
branch master Build
builddir /export/home/buildbot/slave/curl-ares-solaris11-sparc slave
buildername curl-ares-solaris11-sparc Builder
buildnumber 4333 Build
codebase Build
got_revision 8ec241bc990bc88c4f4f7275d81f9fb75b562a7a Git
osplatform SPARC SetPropertyFromCommand Step
osrelease 11 SetPropertyFromCommand Step
project curl Build
repository https://github.com/curl/curl.git Build
revision 8ec241bc990bc88c4f4f7275d81f9fb75b562a7a Build
scheduler schedule-curl-ares-solaris11-sparc Scheduler
slavename unstable11s BuildSlave
workdir /export/home/buildbot/slave/curl-ares-solaris11-sparc slave (deprecated)

Forced Build Properties:

NameLabelValue

Responsible Users:

  1. Viktor Szakats

Timing:

StartFri Aug 8 20:12:30 2025
EndFri Aug 8 21:07:41 2025
Elapsed55 mins, 10 secs

All Changes:

:

  1. Change #242500

    Category curl
    Changed by Viktor Szakats <commitohnoyoudont@vsz.me>
    Changed at Fri 08 Aug 2025 20:08:31
    Repository https://github.com/curl/curl.git
    Project curl
    Branch master
    Revision 8ec241bc990bc88c4f4f7275d81f9fb75b562a7a

    Comments

    openssl: clear errors after a failed `d2i_X509()`
Without it, subsequent OpenSSL API calls may fail with an error caught
within the OpenSSL `d2i_X509()` (decode) call.

It was seen to happen when importing from the Windows certificate store
(e.g. with `--ca-native`), and any one of the certificates failed while
decoding, then skipped.

Behind the scene (and undocumented), the failed decode call is adding
an error to an internal OpenSSL error queue. This error is picked up
later, at the connect phase, by another OpenSSL API call, which happens
to check the error queue, without clearing it first. It made the connect
fail with the error collected earlier, while decoding the malformed and
discarded certificate.

Fix by explicitly clearing the error queue if the decode call fails.

Ref: https://docs.openssl.org/3.5/man3/d2i_X509/

`-vvvv` output before this patch:
```
[0-0] == Info: successfully imported Windows ROOT store
[0-0] == Info: successfully imported Windows CA store
[0-0] == Info: [SSL] SSL_connect() -> err=-1, detail=1
[0-0] == Info: TLS connect error: error:068000DD:asn1 encoding routines::illegal padding
[0-0] == Info: [SSL] cf_connect() -> 35, done=0
```

Mainline OpenSSL (as of 3.5.2) and quictls (as of 3.3.0) are affected.

LibreSSL is not affected. (I did not test BoringSSL and AWS-LC)

Assisted-by: Stefan Eissing
Reported-by: MichaƂ Petryka
Fixes #18190

Closes #18228

    Changed files

    • lib/vtls/openssl.c
BuildBot (0.8.14) working for the OpenCSW Buildbot project.
Page built: Fri 29 Aug 2025 12:39:42 (CEST)