authorjsing <jsing@openbsd.org>2015-04-15 16:08:43 +0000
committerjsing <jsing@openbsd.org>2015-04-15 16:08:43 +0000
commit2c02f8b26f5560e1e849e63bb3954bd864aa878a (patch)
tree8f9e7488498a477849424bc53ec362cc405079c9 /lib/libtls
parentMake tls_close() more robust - do not rely on a close notify being received (diff)
Treat SSL_ERROR_ZERO_RETURN as a success, rather than a failure. Also
ensure that outlen is set to zero so that tls_read() has read(2) like semantics for EOF. Spotted by doug@
Diffstat (limited to 'lib/libtls')
-rw-r--r--lib/libtls/tls.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index 002cccda5f6..f4bd108daca 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.10 2015/04/15 16:05:23 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.11 2015/04/15 16:08:43 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -246,11 +246,8 @@ tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
ssl_err = SSL_get_error(ssl_conn, ssl_ret);
switch (ssl_err) {
case SSL_ERROR_NONE:
- return (0);
-
case SSL_ERROR_ZERO_RETURN:
- tls_set_error(ctx, "%s failed: TLS connection closed", prefix);
- return (-1);
+ return (0);
case SSL_ERROR_WANT_READ:
return (TLS_READ_AGAIN);
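Review bot: `case SSL_ERROR_ZERO_RETURN:` now returns 0 for every caller of tls_ssl_error(), not only tls_read(); the `prefix` parameter suggests the handshake and close paths route through here as well, though those callers are outside the hunk. If a peer's close_notify can surface as SSL_ERROR_ZERO_RETURN on those paths, they would report success on a connection that is already closed, so it may be safer to map it to EOF inside tls_read() and keep it an error elsewhere. At minimum the now-implicit fallthrough from `SSL_ERROR_NONE` deserves a comment above the shared `return (0);`, e.g. `/* Clean close_notify from peer: reported as EOF, not an error. */`. The switch continues past the end of the hunk.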
@@ -301,6 +298,8 @@ tls_read(struct tls *ctx, void *buf, size_t buflen, size_t *outlen)
return (0);
}
+ *outlen = 0;
+
return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");
}
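Review bot: The EOF contract that `*outlen = 0;` establishes in tls_read() is not documented where a caller would see it. A return of 0 with `*outlen == 0` now means the peer sent close_notify, and callers depend on that to tell a clean end of stream from a truncated one, which presumably still comes back as -1 through the other cases of tls_ssl_error(). I would add a comment above the assignment such as `/* 0 return with *outlen == 0 is EOF (peer close_notify); errors return -1. */`. The start of tls_read() is outside the hunk, so the success branch is only partly visible.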
@@ -320,6 +319,8 @@ tls_write(struct tls *ctx, const void *buf, size_t buflen, size_t *outlen)
return (0);
}
+ *outlen = 0;
+
return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");
}
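Review bot: In tls_write() a return of 0 with `*outlen == 0` is not an end-of-stream signal the way it is for read(2), so a caller that loops until `buflen` bytes are written could make no progress and never see an error. Whether SSL_write() can actually yield SSL_ERROR_ZERO_RETURN depends on library behaviour not visible in this hunk, so this needs confirming. If it can, the write path should keep reporting a closed connection as a failure rather than inheriting the read-side mapping; otherwise state the contract in a comment above the assignment, e.g. `/* 0 return with *outlen == 0: peer closed, caller must stop writing. */`. The start of tls_write() is outside the hunk.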