-
Type:
Task
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
Product Performance
-
Fully Compatible
-
Server Security 2026-03-27
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Summary
engine::purge_error_state() calls ERR_clear_error() before every SSL read and write operation. In normal conditions, the OpenSSL error queue is empty, making the clear unnecessary.
An ERR_peek_error() guard was already present for OpenSSL <1.1, but is missing for the newer version we use.
Proposed Fix
Add an ERR_peek_error() guard for OpenSSL 1.1+
See changes in this patch.
ERR_peek_error() is a read-only peek at the head of the thread-local error queue. If it returns 0, the queue is empty and there's nothing to clear.
Expected Impact
We saw a 1.7% throughput improvement in our 100 read YCSB test (multipatch)