Fixed bug #78775

Clear the OpenSSL error queue before performing SSL stream operations.
As we don't control all code that could possibly be using OpenSSL,
we can't rely on the error queue being empty.

Author: nikic

NEWS

@@ -26,6 +26,10 @@ PHP                                                                        NEWS
     non-ascii characters). (mhagstrand)
   . Fixed bug #78747 (OpCache corrupts custom extension result). (Nikita)
 
+- OpenSSL:
+  . Fixed bug #78775 (TLS issues from HTTP request affecting other encrypted
+    connections). (Nikita)
+
 - Reflection:
   . Fixed bug #78697 (ReflectionClass::ImplementsInterface - inaccurate error 
     message with traits). (villfa)

ext/curl/tests/bug78775.phpt

@@ -0,0 +1,34 @@
+--TEST--
+Bug #78775: TLS issues from HTTP request affecting other encrypted connections
+--SKIPIF--
+<?php
+if (!extension_loaded('curl')) die('skip Requires curl');
+if (getenv('SKIP_ONLINE_TESTS')) die('skip Online test');
+?>
+--FILE--
+<?php
+
+$sock = fsockopen("tls://google.com", 443);
+
+var_dump($sock);
+
+$handle = curl_init('https://self-signed.badssl.com/');
+curl_setopt_array(
+    $handle,
+    [
+        CURLOPT_RETURNTRANSFER => true,
+        CURLOPT_SSL_VERIFYPEER => true,
+    ]
+);
+
+var_dump(curl_exec($handle));
+curl_close($handle);
+
+fwrite($sock, "GET / HTTP/1.0\n\n");
+var_dump(fread($sock, 8));
+
+?>
+--EXPECTF--
+resource(%d) of type (stream)
+bool(false)
+string(8) "HTTP/1.0"

ext/openssl/xp_ssl.c

@@ -1873,6 +1873,7 @@ static int php_openssl_enable_crypto(php_stream *stream,
 		do {
 			struct timeval cur_time, elapsed_time;
 
+			ERR_clear_error();
 			if (sslsock->is_client) {
 				n = SSL_connect(sslsock->ssl_handle);
 			} else {
@@ -2045,6 +2046,7 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz
 			}
 
 			/* Now, do the IO operation. Don't block if we can't complete... */
+			ERR_clear_error();
 			if (read) {
 				nr_bytes = SSL_read(sslsock->ssl_handle, buf, (int)count);