lib-ssl-iostream: Fix potential busy loop when handshake has failed
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Fri, 24 Oct 2025 09:32:41 +0000 (12:32 +0300)
committerTimo Sirainen <timo.sirainen@open-xchange.com>
Fri, 24 Oct 2025 09:38:42 +0000 (12:38 +0300)
If the stream is already destroyed, handshaking should return -1 as error
instead of "more data needed".

This fixes at least a potential busy loop when login-proxy tries to connect
to a remote server with mismatching SSL certificate name. It was timing
sensitive though, only seeming to happen when running with valgrind.

This code has been there since 9d0640616c30701bed286034840facfb386db90e

src/lib-ssl-iostream/iostream-openssl.c

index c0da08388ee46f037ca701bf7791e546b7dd4603..3794354ec74483a4ef7faee346193b747069c9ab 100644 (file)
@@ -594,8 +594,10 @@ static int openssl_iostream_handshake(struct ssl_iostream *ssl_io)
                return openssl_iostream_bio_sync(ssl_io, OPENSSL_IOSTREAM_SYNC_TYPE_HANDSHAKE);
 
        /* we are being destroyed, so do not do any more handshaking */
-       if (ssl_io->destroyed)
-               return 0;
+       if (ssl_io->destroyed) {
+               errno = EPIPE;
+               return -1;
+       }
 
        if (ssl_io->ctx->client_ctx) {
                while ((ret = SSL_connect(ssl_io->ssl)) <= 0) {
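Review bot: The new `-1` return on the `ssl_io->destroyed` path sets only `errno = EPIPE`, so a caller that reports handshake failures from an error string stored on the stream could log a stale or empty reason for this case. Whether the other failure paths in openssl_iostream_handshake() record such a string is not visible here, so this needs confirming against the rest of the function, which starts and ends outside the hunk. The existing comment should also say why the return value matters, for example `/* we are being destroyed: fail with -1, because 0 means "more data needed" and the caller would keep retrying */`. Since the commit message describes the loop as timing sensitive, a test that destroys the stream before the handshake completes and asserts a `-1` result would keep this from regressing.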