tls: Issue #4098 Fix error handling for OpenSSL apis

Signed-off-by: Ramya Krishnamoorthy <[email protected]>
fluent · Jan 6, 2022 · a179eac · a179eac
1 parent 34bc5e2
commit a179eac
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 5 deletions.
diff --git a/src/tls/flb_tls.c b/src/tls/flb_tls.c
@@ -180,6 +180,9 @@ int flb_tls_net_read(struct flb_upstream_conn *u_conn, void *buf, size_t len)
     if (ret == FLB_TLS_WANT_READ) {
         goto retry_read;
     }
+    else if (ret == FLB_TLS_WANT_WRITE) {
+        goto retry_read;
+    }
     else if (ret < 0) {
         return -1;
     }
@@ -204,11 +207,27 @@ int flb_tls_net_read_async(struct flb_coro *co, struct flb_upstream_conn *u_conn
         flb_coro_yield(co, FLB_FALSE);
         goto retry_read;
     }
-    else if (ret < 0) {
-        return -1;
+    else if (ret == FLB_TLS_WANT_WRITE) {
+        u_conn->coro = co;
+
+        io_tls_event_switch(u_conn, MK_EVENT_WRITE);
+        flb_coro_yield(co, FLB_FALSE);
+
+        goto retry_read;
     }
-    else if (ret == 0) {
-        return -1;
+    else
+    {
+        /* We want this field to hold NULL at all times unless we are explicitly
+         * waiting to be resumed.
+         */
+        u_conn->coro = NULL;
+
+        if (ret < 0) {
+            return -1;
+        }
+        else if (ret == 0) {
+            return -1;
+        }
     }
 
     return ret;

diff --git a/src/tls/openssl.c b/src/tls/openssl.c
@@ -353,13 +353,17 @@ static int tls_net_read(struct flb_upstream_conn *u_conn,
     ctx = session->parent;
     pthread_mutex_lock(&ctx->mutex);
 
+    ERR_clear_error();
     ret = SSL_read(session->ssl, buf, len);
     if (ret <= 0) {
         ret = SSL_get_error(session->ssl, ret);
         if (ret == SSL_ERROR_WANT_READ) {
             ret = FLB_TLS_WANT_READ;
         }
-        else if (ret < 0) {
+        else if (ret == SSL_ERROR_WANT_WRITE) {
+            ret = FLB_TLS_WANT_WRITE;
+        }
+        else {
             ret = -1;
         }
     }
@@ -379,6 +383,7 @@ static int tls_net_write(struct flb_upstream_conn *u_conn,
     ctx = session->parent;
     pthread_mutex_lock(&ctx->mutex);
 
+    ERR_clear_error();
     ret = SSL_write(session->ssl,
                     (unsigned char *) data + total,
                     len - total);
@@ -414,6 +419,7 @@ static int tls_net_handshake(struct flb_tls *tls, void *ptr_session)
         SSL_set_tlsext_host_name(session->ssl, tls->vhost);
     }
 
+    ERR_clear_error();
     ret = SSL_connect(session->ssl);
     if (ret != 1) {
         ret = SSL_get_error(session->ssl, ret);