TLS: clear 'errno' when handling SSL status

Sometimes tls_do_bio() might be called when there is no new data to
process (most notably, when resuming reads), in such a case internal
TLS session state will remain untouched and old value in 'errno' will
alter the result of SSL_get_error() call, possibly making it to return
SSL_ERROR_SYSCALL. This value will be treated as an error, and will
lead to closing the connection, which is not what expected.

diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c
index a7cebd4669a08a837fccf5d565b4b74c50fa8ec0..fb5ce01219e00a7eacb43edf8abf7dc038acb9b4 100644 (file)
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -497,6 +497,7 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
                        }
                }
        }
+       errno = 0;
        tls_status = SSL_get_error(sock->tlsstream.tls, rv);
        saved_errno = errno;