handle SSL_ERROR_ZERO_RETURN a little more politely.

diff --git a/src/main/tls.c b/src/main/tls.c
index 09d78283ebb465bbb719bcfaa95ddba8795cd886..4a5cfdc5b91398dd16940adbaa8899732a46182e 100644 (file)
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -4603,7 +4603,7 @@ fr_tls_status_t tls_application_data(tls_session_t *ssn, REQUEST *request)
        if (err <= 0) {
                int code;
 
-               RDEBUG("SSL_read Error");
+               RDEBUG3("SSL_read Error");
 
                code = SSL_get_error(ssn->ssl, err);
                switch (code) {
@@ -4620,8 +4620,12 @@ fr_tls_status_t tls_application_data(tls_session_t *ssn, REQUEST *request)
                        err = 0;
                        break;
 
+               case SSL_ERROR_ZERO_RETURN:
+                       RDEBUG2("Other end closed the TLS tunnel.");
+                       return FR_TLS_FAIL;
+
                default:
-                       REDEBUG("Error in fragmentation logic");
+                       REDEBUG("Error in fragmentation logic - code %d", code);
                        tls_error_io_log(request, ssn, err,
                                         "Failed in " STRINGIFY(__FUNCTION__) " (SSL_read)");
                        return FR_TLS_FAIL;

diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c
index e1293d5394baaf499b117db9d39eeba368eb9187..bedbd0cd6718c36cc277050419a5dda93e900a8e 100644 (file)
--- a/src/main/tls_listen.c
+++ b/src/main/tls_listen.c
@@ -264,7 +264,7 @@ static int tls_socket_recv(rad_listen_t *listener)
         */
 get_application_data:
        status = tls_application_data(sock->ssn, request);
-       RDEBUG("Application data status %d", status);
+       RDEBUG3("Application data status %d", status);
 
        if (status == FR_TLS_MORE_FRAGMENTS) {
                PTHREAD_MUTEX_UNLOCK(&sock->mutex);