From d95381ec7a50c6c31a3524a4ca1f9efc8a655dc0 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 15 Nov 2021 14:39:22 +0100
Subject: [PATCH] tls-socket: Handle sending fatal errors better

In particular as server, the previous code might cause it to hang in recv() if this case wasn't triggered by a close notify (followed by a shutdown of the socket) but it e.g. failed processing a ServerHello and responded with a fatal alert.

Fixes: 09fbaad6bd71 ("tls-socket: Don't fail reading if sending data failed")
---
 src/libtls/tls_socket.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/libtls/tls_socket.c b/src/libtls/tls_socket.c
index 75f1469298..e15030ee74 100644
--- a/src/libtls/tls_socket.c
+++ b/src/libtls/tls_socket.c
@@ -193,11 +193,13 @@ static bool exchange(private_tls_socket_t *this, bool wr, bool block)
 case SUCCESS:
 return TRUE;
 default:
- if (wr)
- {
- return FALSE;
+ if (!wr && this->app.in_done > 0)
+ { /* return data after proper termination via fatal close
+ * notify to which we responded with one */
+ this->eof = TRUE;
+ return TRUE;
 }
- break;
+ return FALSE;
 }
 break;
 }
-- 
2.47.2
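Review bot: The new guard in the `default:` branch tests only `!wr && this->app.in_done > 0`, so every status that reaches that branch with plaintext already buffered is reported as `eof = TRUE` plus success, not just the close-notify case the comment describes. As far as the hunk shows, a reader then cannot tell an orderly close from a session that ended on some other fatal alert, which matters for callers that treat EOF as an authenticated end of stream (truncation). If the status returned by `build()` or the alert state can distinguish the two, the branch should test that as well. Otherwise the comment should say so, e.g. `/* any failure status ends up here, not only close notify: buffered data is returned with eof set, callers must not treat eof as a clean close */`. The body of `exchange()` starts and ends outside the hunk, so how the other `switch` cases and the callers handle `eof` is not visible here.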