From: Olivier Houchard
Date: Wed, 24 Apr 2019 10:04:36 +0000 (+0200)
Subject: BUG/MEDIUM: ssl: Return -1 on recv/send if we got EAGAIN.
X-Git-Tag: v2.0-dev3~184
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a28454ee2193b7c5b4729c056aa4fad533336eaf;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: ssl: Return -1 on recv/send if we got EAGAIN.

In ha_ssl_read()/ha_ssl_write(), if we couldn't send/receive data because we got EAGAIN, return -1 and not 0, as older SSL versions expect that. This should fix the problems with OpenSSL < 1.1.0.
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 58ae8a264a..015943ee61 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -271,8 +271,10 @@ static int ha_ssl_write(BIO *h, const char *buf, int num)
 tmpbuf.data = num;
 tmpbuf.head = 0;
 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
- if (ret == 0 && !(ctx->conn->flags & CO_FL_ERROR))
+ if (ret == 0 && !(ctx->conn->flags & CO_FL_ERROR)) {
 BIO_set_retry_write(h);
+ ret = -1;
+ }
 return ret;
 }
 
@@ -304,8 +306,10 @@ static int ha_ssl_read(BIO *h, char *buf, int size)
 tmpbuf.data = 0;
 tmpbuf.head = 0;
 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
- if (ret == 0 && !(ctx->conn->flags & CO_FL_ERROR))
+ if (ret == 0 && !(ctx->conn->flags & CO_FL_ERROR)) {
 BIO_set_retry_read(h);
+ ret = -1;
+ }
 return ret;
 }
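Review bot: In ha_ssl_write(), when snd_buf() returns 0 with CO_FL_ERROR set, the function still returns 0 and leaves the BIO retry flags as they were; the visible lines never clear them. If an earlier call set the retry-write flag and nothing before the hunk resets it, OpenSSL may treat a failed connection as retryable instead of reporting the error. Adding `else if (ret == 0) BIO_clear_retry_flags(h);` after the new block would make the error path unambiguous. The same applies to ha_ssl_read() in the second hunk. Both function bodies start outside the hunks, so a reset earlier in the function cannot be ruled out.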
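Review bot: In ha_ssl_read(), every 0 from rcv_buf() without CO_FL_ERROR is now reported as -1 with the retry-read flag, so an orderly close by the peer would look the same as EAGAIN if rcv_buf() also returns 0 in that case. The TLS layer would then wait for data that never arrives instead of seeing end of stream. Consider also testing the connection's read-shutdown state in the condition, and documenting the convention with a comment such as `/* 0 with no error and no shutdown means EAGAIN: ask OpenSSL to retry */`. Whether rcv_buf() can return 0 on close is not visible here, as the function body starts outside the hunk.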