tls-socket: Handle sending fatal errors better
authorTobias Brunner <tobias@strongswan.org>
Mon, 15 Nov 2021 13:39:22 +0000 (14:39 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Dec 2021 10:32:50 +0000 (11:32 +0100)
In particular as server, the previous code might cause it to hang in
recv() if this case wasn't triggered by a close notify (followed by a
shutdown of the socket) but it e.g. failed processing a ServerHello and
responded with a fatal alert.

Fixes: 09fbaad6bd71 ("tls-socket: Don't fail reading if sending data failed")
src/libtls/tls_socket.c

index 75f1469298515cbfc6a1639d2b3a0a0139015fde..e15030ee74962997e469c6831c256a259f60cd1e 100644 (file)
@@ -193,11 +193,13 @@ static bool exchange(private_tls_socket_t *this, bool wr, bool block)
                                case SUCCESS:
                                        return TRUE;
                                default:
-                                       if (wr)
-                                       {
-                                               return FALSE;
+                                       if (!wr && this->app.in_done > 0)
+                                       {       /* return data after proper termination via fatal close
+                                                * notify to which we responded with one */
+                                               this->eof = TRUE;
+                                               return TRUE;
                                        }
-                                       break;
+                                       return FALSE;
                        }
                        break;
                }
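Review bot: The new `if (!wr && this->app.in_done > 0)` branch returns TRUE and sets `this->eof` for every status that reaches `default:`, while the comment beside it describes only termination via close notify. Nothing in the hunk checks which alert ended the session, so if buffered plaintext can still be present after some other fatal alert, the reader receives it as a clean end of stream, which is the truncation case close notify exists to expose. Whether that can happen depends on parts of exchange() that start and end outside this hunk. Either state the invariant in the comment, e.g. `/* in_done > 0 is only reachable here after a close notify: <where this is guaranteed> */`, or gate the branch on the close-notify state if the TLS object exposes it.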