From d350fab25416ca3123d7c4e42c1b2a54713cf8bf Mon Sep 17 00:00:00 2001
From: Joel Sing
Date: Wed, 15 Apr 2015 16:08:44 +0000
Subject: Treat SSL_ERROR_ZERO_RETURN as a success, rather than a failure. Also ensure that outlen is set to zero so that tls_read() has read(2) like semantics for EOF.
Spotted by doug@
---
 lib/libtls/tls.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'lib/libtls/tls.c')
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index 002cccda5f6..f4bd108daca 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.10 2015/04/15 16:05:23 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.11 2015/04/15 16:08:43 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -246,11 +246,8 @@ tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
 ssl_err = SSL_get_error(ssl_conn, ssl_ret);
 switch (ssl_err) {
 case SSL_ERROR_NONE:
- return (0);
-
 case SSL_ERROR_ZERO_RETURN:
- tls_set_error(ctx, "%s failed: TLS connection closed", prefix);
- return (-1);
+ return (0);
 
 case SSL_ERROR_WANT_READ:
 return (TLS_READ_AGAIN);
@@ -301,6 +298,8 @@ tls_read(struct tls *ctx, void *buf, size_t buflen, size_t *outlen)
 return (0);
 }
 
+ *outlen = 0;
+
 return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");
 }
 
@@ -320,6 +319,8 @@ tls_write(struct tls *ctx, const void *buf, size_t buflen, size_t *outlen)
 return (0);
 }
 
+ *outlen = 0;
+
 return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");
 }
 
--
cgit v1.2.3
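Review bot: Grouping `case SSL_ERROR_ZERO_RETURN:` with `SSL_ERROR_NONE` changes the result for every caller of tls_ssl_error(), not only the read path named in the commit message. The tls_write() hunk goes through the same helper, so a peer close seen during a write now comes back as 0 with `*outlen == 0`, which a caller looping until buflen bytes are written cannot tell apart from no progress. Any handshake or close callers (outside this diff, so unconfirmed) would likewise report a closed connection as success. Consider keeping -1 in the helper and mapping the case to EOF in tls_read() alone, e.g. `if (SSL_get_error(ctx->ssl_conn, ssl_ret) == SSL_ERROR_ZERO_RETURN) return (0);` before the helper call. The function's body starts and ends outside the hunk.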
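Review bot: The EOF convention that `*outlen = 0;` establishes in tls_read() is not documented in the code. After this change, a return of 0 with `*outlen == 0` is the only signal that the peer closed the session cleanly. A comment such as `/* Default to 0 bytes so a clean TLS close reads as EOF, like read(2). */` on the assignment would make that contract visible; the tls_write() hunk has the same undocumented assignment. How an abrupt transport EOF without close_notify is reported is decided in tls_ssl_error() cases outside this diff, so confirm it is still an error before callers rely on 0/0 as an authenticated end of stream. tls_read()'s body starts outside the hunk.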