From: Yu Watanabe Date: Thu, 2 Aug 2018 21:34:19 +0000 (+0900) Subject: resolve: fix error handling of SSL_shutdown() X-Git-Tag: v240~866^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8eadd2918395ea7fb7b4fbcee4723c9d60e09d04;p=thirdparty%2Fsystemd.git resolve: fix error handling of SSL_shutdown() --- diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c index 6b765b58ecb..c23211404b9 100644 --- a/src/resolve/resolved-dnstls-openssl.c +++ b/src/resolve/resolved-dnstls-openssl.c @@ -120,31 +120,42 @@ int dnstls_stream_on_io(DnsStream *stream, uint32_t revents) { if (stream->dnstls_data.shutdown) { ERR_clear_error(); r = SSL_shutdown(stream->dnstls_data.ssl); - if (r <= 0) { + if (r == 0) { + stream->dnstls_events = 0; + + r = dnstls_flush_write_buffer(stream); + if (r < 0) + return r; + + return -EAGAIN; + } else if (r < 0) { error = SSL_get_error(stream->dnstls_data.ssl, r); - if (r == 0 || IN_SET(error, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE)) { - if (r < 0) - stream->dnstls_events = error == SSL_ERROR_WANT_READ ? EPOLLIN : EPOLLOUT; + if (IN_SET(error, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE)) { + stream->dnstls_events = error == SSL_ERROR_WANT_READ ? EPOLLIN : EPOLLOUT; r = dnstls_flush_write_buffer(stream); if (r < 0) return r; return -EAGAIN; + } else if (error == SSL_ERROR_SYSCALL) { + if (errno > 0) + log_debug_errno(errno, "Failed to invoke SSL_shutdown, ignoring: %m"); } else { char errbuf[256]; ERR_error_string_n(error, errbuf, sizeof(errbuf)); - log_debug("Failed to invoke SSL_shutdown: %s", errbuf); + log_debug("Failed to invoke SSL_shutdown, ignoring: %s", errbuf); } } + stream->dnstls_events = 0; + stream->dnstls_data.shutdown = false; + r = dnstls_flush_write_buffer(stream); if (r < 0) return r; - stream->dnstls_events = 0; - stream->dnstls_data.shutdown = false; dns_stream_unref(stream); return DNSTLS_STREAM_CLOSED; } else if (stream->dnstls_data.handshake <= 0) { @@ -204,6 +215,8 @@ int dnstls_stream_shutdown(DnsStream *stream, int error) { dns_stream_ref(stream); } + stream->dnstls_events = 0; + r = dnstls_flush_write_buffer(stream); if (r < 0) return r; @@ -222,11 +235,14 @@ int dnstls_stream_shutdown(DnsStream *stream, int error) { dns_stream_ref(stream); } return -EAGAIN; + } else if (ssl_error == SSL_ERROR_SYSCALL) { + if (errno > 0) + log_debug_errno(errno, "Failed to invoke SSL_shutdown, ignoring: %m"); } else { char errbuf[256]; ERR_error_string_n(ssl_error, errbuf, sizeof(errbuf)); - log_debug("Failed to invoke SSL_shutdown: %s", errbuf); + log_debug("Failed to invoke SSL_shutdown, ignoring: %s", errbuf); } }