From 7db477c4e4a60c2ab444c1a50309a3f395b9c53b Mon Sep 17 00:00:00 2001
From: Tor Brede Vekterli
Date: Mon, 1 Oct 2018 12:37:31 +0000
Subject: Handle case where SSL_read fails when client has shutdown normally

Break the connection silently when SSL_ERROR_ZERO_RETURN is returned from SSL_read, as this just implies the client has sent a shutdown alert frame.
---
 vespalib/src/vespa/vespalib/net/tls/impl/openssl_crypto_codec_impl.cpp | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'vespalib')
diff --git a/vespalib/src/vespa/vespalib/net/tls/impl/openssl_crypto_codec_impl.cpp b/vespalib/src/vespa/vespalib/net/tls/impl/openssl_crypto_codec_impl.cpp
index 15db0128f1e..4f48f60b70c 100644
--- a/vespalib/src/vespa/vespalib/net/tls/impl/openssl_crypto_codec_impl.cpp
+++ b/vespalib/src/vespa/vespalib/net/tls/impl/openssl_crypto_codec_impl.cpp
@@ -325,6 +325,9 @@ DecodeResult OpenSslCryptoCodecImpl::drain_and_produce_plaintext_from_ssl(
 // we've fed it thus far; caller must feed it some and then try again.
 LOG(spam, "SSL_read() returned SSL_ERROR_WANT_READ, must get more ciphertext");
 return decode_needs_more_peer_data();
+ case SSL_ERROR_ZERO_RETURN:
+ LOG(debug, "SSL_read() returned SSL_ERROR_ZERO_RETURN; connection has been shut down normally by the peer");
+ return decode_failed(); // We'll just break the connection as per usual.
 default:
 LOG(error, "SSL_read() returned unexpected error: %s (%s)", ssl_error_to_str(ssl_error), ssl_error_from_stack().c_str());
-- 
cgit v1.2.3
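Review bot: The new `case SSL_ERROR_ZERO_RETURN:` branch returns `decode_failed()`, so at the codec boundary an authenticated close_notify from the peer becomes indistinguishable from a genuine TLS failure. That distinction is what lets a caller tell an orderly end-of-stream from a truncated one (a TCP close with no close_notify), so a caller that needs it would have to get it from a separate DecodeResult outcome; only `decode_failed()` and `decode_needs_more_peer_data()` are visible here, so whether such an outcome exists cannot be told from the hunk. If failure is kept as the signal, the trailing comment should state the reason, for example `// close_notify received; reported as failure so the caller tears down the connection`. The switch and the rest of drain_and_produce_plaintext_from_ssl lie outside the hunk, so how callers treat the result cannot be checked from here.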