MEDIUM: ssl: handle the SSL_ERROR_ZERO_RETURN during the handshake
authorWilliam Lallemand <wlallemand@haproxy.org>
Mon, 26 Jun 2023 15:42:09 +0000 (17:42 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Mon, 26 Jun 2023 16:52:53 +0000 (18:52 +0200)
During a SSL_do_handshake(), SSL_ERROR_ZERO_RETURN can be returned in case
the remote peer sent a close_notify alert. Previously this would set the
connection error to CO_ER_SSL_HANDSHAKE, this patch sets it to
CO_ER_SSL_ABORT to have a more accurate error.

src/ssl_sock.c

index ff0db9d1a1c2af5ead244dd18dcbed9cf329190d..9af57cce1accfe948c657127717c7af1e2e2f190 100644 (file)
@@ -5984,6 +5984,14 @@ check_error:
 #endif /* BoringSSL or LibreSSL */
                        }
                        goto out_error;
+
+               } else if (ret == SSL_ERROR_ZERO_RETURN) {
+                       /* The peer has closed the SSL session for writing by
+                        * sending a close_notify alert */
+                       conn_ctrl_drain(conn);
+                       conn->err_code = CO_ER_SSL_ABORT;
+                       goto out_error;
+
                }
                else {
                        /* Fail on all other handshake errors */
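Review bot: The new SSL_ERROR_ZERO_RETURN branch assigns `conn->err_code = CO_ER_SSL_ABORT;` unconditionally, so any error code recorded earlier in the handshake would be overwritten and the first cause lost from the logs. The neighbouring branches are only partly visible in this hunk, so confirm whether they guard their assignment; if they do, `if (!conn->err_code) conn->err_code = CO_ER_SSL_ABORT;` would keep this branch consistent with them. A close_notify received mid-handshake now reports as an abort rather than a handshake failure, so monitoring or alerting keyed on the handshake error code will presumably stop counting these connections. The comment could say so, and also why `conn_ctrl_drain(conn)` is called before bailing out. The enclosing function starts and ends outside the hunk.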