lib-ssl-iostream: Handle delayed handshake failure explicitly

The previous commit already fixed the busy loop bug, but errno=EINVAL is
better for the handshake failure than EPIPE.

diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index 3794354ec74483a4ef7faee346193b747069c9ab..857e342be4bdece2c8051241c25ef3d94a2c1af3 100644 (file)
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -258,8 +258,8 @@ void openssl_iostream_shutdown(struct ssl_iostream *ssl_io)
        ssl_io->destroyed = TRUE;
        (void)o_stream_flush(ssl_io->plain_output);
 
-       if (!ssl_io->closed &&
-           (ssl_io->handshaked || ssl_io->handshake_failed || ssl_io->do_shutdown)) {
+       if (!ssl_io->closed && !ssl_io->handshake_failed &&
+           (ssl_io->handshaked || ssl_io->do_shutdown)) {
                /* Try shutting down connection. If it does not succeed at once,
                   try once more. */
                for (int i = 0; i < 2; i++) {
@@ -593,6 +593,11 @@ static int openssl_iostream_handshake(struct ssl_iostream *ssl_io)
        if (ssl_io->handshaked)
                return openssl_iostream_bio_sync(ssl_io, OPENSSL_IOSTREAM_SYNC_TYPE_HANDSHAKE);
 
+       if (ssl_io->handshake_failed) {
+               errno = EINVAL;
+               return -1;
+       }
+
        /* we are being destroyed, so do not do any more handshaking */
        if (ssl_io->destroyed) {
                errno = EPIPE;