MEDIUM: ssl: handle the SSL_ERROR_ZERO_RETURN during the handshake

During a SSL_do_handshake(), SSL_ERROR_ZERO_RETURN can be returned in case the remote peer sent a close_notify alert. Previously this would set the connection error to CO_ER_SSL_HANDSHAKE, this patch sets it to CO_ER_SSL_ABORT to have a more acurate error.
2025-02-21 13:16:57 +00:00 · 2023-06-26 17:42:09 +02:00 · 2023-06-26 17:42:09 +02:00 · e8e5762389
commit e8e5762389
parent 1231810963
1 changed files with 8 additions and 0 deletions
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -5984,6 +5984,14 @@ check_error:
 #endif /* BoringSSL or LibreSSL */
 			}
 			goto out_error;
+
+		} else if (ret == SSL_ERROR_ZERO_RETURN) {
+			/* The peer has closed the SSL session for writing by
+			 * sending a close_notify alert */
+			conn_ctrl_drain(conn);
+			conn->err_code = CO_ER_SSL_ABORT;
+			goto out_error;
+
 		}
 		else {
 			/* Fail on all other handshake errors */