From 0ff059f7fc65b3aab00f59f50f84655879473ed3 Mon Sep 17 00:00:00 2001
From: Ramya <89954993+krispraws@users.noreply.github.com>
Date: Fri, 17 Sep 2021 22:42:54 +0000
Subject: [PATCH] tls: Issue #4098 Fix error handling for OpenSSL apis

Signed-off-by: Ramya <89954993+krispraws@users.noreply.github.com>
---
 src/tls/flb_tls.c | 11 +++++++++++
 src/tls/openssl.c |  8 +++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/tls/flb_tls.c b/src/tls/flb_tls.c
index 26c42ebd6f5..26974353a69 100644
--- a/src/tls/flb_tls.c
+++ b/src/tls/flb_tls.c
@@ -180,6 +180,9 @@ int flb_tls_net_read(struct flb_upstream_conn *u_conn, void *buf, size_t len)
     if (ret == FLB_TLS_WANT_READ) {
         goto retry_read;
     }
+    else if (ret == FLB_TLS_WANT_WRITE) {
+        goto retry_read;
+    }
     else if (ret < 0) {
         return -1;
     }
@@ -206,6 +209,14 @@ int flb_tls_net_read_async(struct flb_coro *co, struct flb_upstream_conn *u_conn
 
         goto retry_read;
     }
+    else if (ret == FLB_TLS_WANT_WRITE) {
+        u_conn->coro = co;
+
+        io_tls_event_switch(u_conn, MK_EVENT_WRITE);
+        flb_coro_yield(co, FLB_FALSE);
+        
+        goto retry_read;
+    }
     else
     {
         /* We want this field to hold NULL at all times unless we are explicitly
diff --git a/src/tls/openssl.c b/src/tls/openssl.c
index f39a0ce8a34..57a2da95355 100644
--- a/src/tls/openssl.c
+++ b/src/tls/openssl.c
@@ -353,13 +353,17 @@ static int tls_net_read(struct flb_upstream_conn *u_conn,
     ctx = session->parent;
     pthread_mutex_lock(&ctx->mutex);
 
+    ERR_clear_error();
     ret = SSL_read(session->ssl, buf, len);
     if (ret <= 0) {
         ret = SSL_get_error(session->ssl, ret);
         if (ret == SSL_ERROR_WANT_READ) {
             ret = FLB_TLS_WANT_READ;
         }
-        else if (ret < 0) {
+        else if (ret == SSL_ERROR_WANT_WRITE) {
+            ret = FLB_TLS_WANT_WRITE;
+        }
+        else {
             ret = -1;
         }
     }
@@ -379,6 +383,7 @@ static int tls_net_write(struct flb_upstream_conn *u_conn,
     ctx = session->parent;
     pthread_mutex_lock(&ctx->mutex);
 
+    ERR_clear_error();
     ret = SSL_write(session->ssl,
                     (unsigned char *) data + total,
                     len - total);
@@ -414,6 +419,7 @@ static int tls_net_handshake(struct flb_tls *tls, void *ptr_session)
         SSL_set_tlsext_host_name(session->ssl, tls->vhost);
     }
 
+    ERR_clear_error();
     ret = SSL_connect(session->ssl);
     if (ret != 1) {
         ret = SSL_get_error(session->ssl, ret);