tls: openssl: fix error handling for OpenSSL apis (#4584)

Signed-off-by: Ramya Krishnamoorthy <[email protected]>
fluent · Feb 15, 2022 · 96ac731 · 96ac731
1 parent c84b7cf
commit 96ac731
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/src/tls/flb_tls.c b/src/tls/flb_tls.c
@@ -180,6 +180,9 @@ int flb_tls_net_read(struct flb_upstream_conn *u_conn, void *buf, size_t len)
     if (ret == FLB_TLS_WANT_READ) {
         goto retry_read;
     }
+    else if (ret == FLB_TLS_WANT_WRITE) {
+        goto retry_read;
+    }
     else if (ret < 0) {
         return -1;
     }
@@ -204,6 +207,12 @@ int flb_tls_net_read_async(struct flb_coro *co, struct flb_upstream_conn *u_conn
         flb_coro_yield(co, FLB_FALSE);
         goto retry_read;
     }
+    else if (ret == FLB_TLS_WANT_WRITE) {
+        u_conn->coro = co;
+        io_tls_event_switch(u_conn, MK_EVENT_WRITE);
+        flb_coro_yield(co, FLB_FALSE);
+        goto retry_read;
+    }
     else if (ret < 0) {
         return -1;
     }

diff --git a/src/tls/openssl.c b/src/tls/openssl.c
@@ -353,13 +353,17 @@ static int tls_net_read(struct flb_upstream_conn *u_conn,
     ctx = session->parent;
     pthread_mutex_lock(&ctx->mutex);
 
+    ERR_clear_error();
     ret = SSL_read(session->ssl, buf, len);
     if (ret <= 0) {
         ret = SSL_get_error(session->ssl, ret);
         if (ret == SSL_ERROR_WANT_READ) {
             ret = FLB_TLS_WANT_READ;
         }
-        else if (ret < 0) {
+        else if (ret == SSL_ERROR_WANT_WRITE) {
+            ret = FLB_TLS_WANT_WRITE;
+        }
+        else {
             ret = -1;
         }
     }
@@ -379,6 +383,7 @@ static int tls_net_write(struct flb_upstream_conn *u_conn,
     ctx = session->parent;
     pthread_mutex_lock(&ctx->mutex);
 
+    ERR_clear_error();
     ret = SSL_write(session->ssl,
                     (unsigned char *) data + total,
                     len - total);
@@ -414,6 +419,7 @@ static int tls_net_handshake(struct flb_tls *tls, void *ptr_session)
         SSL_set_tlsext_host_name(session->ssl, tls->vhost);
     }
 
+    ERR_clear_error();
     ret = SSL_connect(session->ssl);
     if (ret != 1) {
         ret = SSL_get_error(session->ssl, ret);