TLS: clear 'errno' when handling SSL status

Sometimes tls_do_bio() might be called when there is no new data to
process (most notably, when resuming reads), in such a case internal
TLS session state will remain untouched and old value in 'errno' will
alter the result of SSL_get_error() call, possibly making it to return
SSL_ERROR_SYSCALL. This value will be treated as an error, and will
lead to closing the connection, which is not what expected.

diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c
index 169b39100283e83616111c32748e87c8bb7e3c61..13789cd86a9c971b2395de6a9c76e1e2118a413a 100644 (file)
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -496,6 +496,7 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
                        }
                }
        }
+       errno = 0;
        tls_status = SSL_get_error(sock->tlsstream.tls, rv);
        saved_errno = errno;