From 8d1cfeb5ba830b360fe6e1228190ed900842a3ea Mon Sep 17 00:00:00 2001 From: Ramya <89954993+krispraws@users.noreply.github.com> Date: Fri, 17 Sep 2021 22:42:54 +0000 Subject: [PATCH] tls: Issue #4098 Fix error handling for OpenSSL apis Signed-off-by: Ramya <89954993+krispraws@users.noreply.github.com> --- src/tls/flb_tls.c | 9 +++++++++ src/tls/openssl.c | 8 +++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/src/tls/flb_tls.c b/src/tls/flb_tls.c index 5731fcd4077..a690397d1c3 100644 --- a/src/tls/flb_tls.c +++ b/src/tls/flb_tls.c @@ -180,6 +180,9 @@ int flb_tls_net_read(struct flb_upstream_conn *u_conn, void *buf, size_t len) if (ret == FLB_TLS_WANT_READ) { goto retry_read; } + else if (ret == FLB_TLS_WANT_WRITE) { + goto retry_read; + } else if (ret < 0) { return -1; } @@ -204,6 +207,12 @@ int flb_tls_net_read_async(struct flb_coro *co, struct flb_upstream_conn *u_conn flb_coro_yield(co, FLB_FALSE); goto retry_read; } + else if (ret == FLB_TLS_WANT_WRITE) { + u_conn->coro = co; + io_tls_event_switch(u_conn, MK_EVENT_WRITE); + flb_coro_yield(co, FLB_FALSE); + goto retry_read; + } else if (ret < 0) { return -1; } diff --git a/src/tls/openssl.c b/src/tls/openssl.c index f39a0ce8a34..57a2da95355 100644 --- a/src/tls/openssl.c +++ b/src/tls/openssl.c @@ -353,13 +353,17 @@ static int tls_net_read(struct flb_upstream_conn *u_conn, ctx = session->parent; pthread_mutex_lock(&ctx->mutex); + ERR_clear_error(); ret = SSL_read(session->ssl, buf, len); if (ret <= 0) { ret = SSL_get_error(session->ssl, ret); if (ret == SSL_ERROR_WANT_READ) { ret = FLB_TLS_WANT_READ; } - else if (ret < 0) { + else if (ret == SSL_ERROR_WANT_WRITE) { + ret = FLB_TLS_WANT_WRITE; + } + else { ret = -1; } } @@ -379,6 +383,7 @@ static int tls_net_write(struct flb_upstream_conn *u_conn, ctx = session->parent; pthread_mutex_lock(&ctx->mutex); + ERR_clear_error(); ret = SSL_write(session->ssl, (unsigned char *) data + total, len - total); @@ -414,6 +419,7 @@ static int tls_net_handshake(struct flb_tls *tls, void *ptr_session) SSL_set_tlsext_host_name(session->ssl, tls->vhost); } + ERR_clear_error(); ret = SSL_connect(session->ssl); if (ret != 1) { ret = SSL_get_error(session->ssl, ret);