Commit 8a7a277c authored by Daniel Stenberg

ossl_recv: check for an OpenSSL error, don't assume

When we recently started to treat a zero return code from SSL_read() as
an error we also got false positives - which primarily looks to be
because the OpenSSL documentation is wrong and a zero return code is not
at all an error case in many situations.

Now ossl_recv() will check with ERR_get_error() to see if there is a
stored error and only then consider it to be a true error if SSL_read()
returned zero.

Bug: http://curl.haxx.se/bug/view.cgi?id=1249
Reported-by: Nach M. S.
Patch-by: Nach M. S.
parent 0030fbd3
+12 −6
@@ -2608,8 +2608,13 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
      *curlcode = CURLE_AGAIN;
      return -1;
    default:
      /* openssl/ssl.h says "look at error stack/return value/errno" */
      /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
         value/errno" */
      /* http://www.openssl.org/docs/crypto/ERR_get_error.html */
      sslerror = ERR_get_error();
      if((nread < 0) || sslerror) {
        /* If the return code was negative or there actually is an error in the
           queue */
        failf(conn->data, "SSL read: %s, errno %d",
              ERR_error_string(sslerror, error_buffer),
              SOCKERRNO);
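Review bot: at `sslerror = ERR_get_error();` the value taken is the oldest entry in the thread's OpenSSL error queue, which is not necessarily one produced by this read. If an earlier OpenSSL call left an entry behind, a harmless zero return would be reported as an "SSL read" failure with an unrelated error string. Consider calling ERR_clear_error() immediately before the SSL_read() call (not shown in this hunk) so that `if((nread < 0) || sslerror)` reacts only to errors from this read. Separately, when nread is negative and the queue is empty, ERR_error_string(0, ...) produces no useful text, so the failf() message then depends on the errno value alone.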
@@ -2617,6 +2622,7 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
        return -1;
      }
    }
  }
  return nread;
}
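Review bot: the fall-through to `return nread;` now returns 0 from the default branch whenever the error queue is empty, and nothing in the visible lines documents what the caller should make of that. For SSL_ERROR_SYSCALL, the OpenSSL documentation describes a zero return with an empty queue as an EOF that violates the protocol (the peer closed without close_notify), so this path hands a possibly truncated stream to the caller as a normal end of data. Add a comment on this path saying so, and consider an infof() call here so the condition is at least visible in verbose output.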