[openssl-users] OpenSSL 1.1.0 assertion failure: ssl_free_wbio_buffer()

Matt Caswell matt at openssl.org
Mon Apr 16 13:15:38 UTC 2018

On 16/04/18 11:38, Matt Caswell wrote:
> On 16/04/18 09:19, Marcus.Schafheutle at gmx.de wrote:
>> SSL_set_bio(ssl, NULL, NULL); // free BIOs when finished
> There should be no reason to do this. The BIO's will get freed
> automatically by the SSL_free() call.
>> Is this a faulty behavior of OpenSSL 1.1.0 or is the fault on my side? 
> This looks like a bug in OpenSSL. It should be able to tolerate passing
> NULL for wbio in the SSL_set_bio call, but apparently it can't in the
> case of a failed handshake. Please could you open an issue on github for
> this?
> The workaround is to remove the SSL_set_bio(SSL, NULL, NULL) call. It
> should not be necessary.

I created a fix and some tests here:


It turns out the assertion is completely bogus and can simply be removed.


More information about the openssl-users mailing list