From 4f108c13a373893a6e34042e21288bbf2c8dab95 Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Fri, 24 Oct 2025 12:35:35 +0300 Subject: [PATCH] lib-ssl-iostream: Handle delayed handshake failure explicitly The previous commit already fixed the busy loop bug, but errno=EINVAL is better for the handshake failure than EPIPE. --- src/lib-ssl-iostream/iostream-openssl.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c index 3794354ec7..857e342be4 100644 --- a/src/lib-ssl-iostream/iostream-openssl.c +++ b/src/lib-ssl-iostream/iostream-openssl.c @@ -258,8 +258,8 @@ void openssl_iostream_shutdown(struct ssl_iostream *ssl_io) ssl_io->destroyed = TRUE; (void)o_stream_flush(ssl_io->plain_output); - if (!ssl_io->closed && - (ssl_io->handshaked || ssl_io->handshake_failed || ssl_io->do_shutdown)) { + if (!ssl_io->closed && !ssl_io->handshake_failed && + (ssl_io->handshaked || ssl_io->do_shutdown)) { /* Try shutting down connection. If it does not succeed at once, try once more. */ for (int i = 0; i < 2; i++) { @@ -593,6 +593,11 @@ static int openssl_iostream_handshake(struct ssl_iostream *ssl_io) if (ssl_io->handshaked) return openssl_iostream_bio_sync(ssl_io, OPENSSL_IOSTREAM_SYNC_TYPE_HANDSHAKE); + if (ssl_io->handshake_failed) { + errno = EINVAL; + return -1; + } + /* we are being destroyed, so do not do any more handshaking */ if (ssl_io->destroyed) { errno = EPIPE; -- 2.47.3