Handle a situation when SSL shutdown messages were sent and received

It fixes a corner case which was causing dig to print annoying messages like: 14-Apr-2021 18:48:37.099 SSL error in BIO: 1 TLS error (errno: 0). Arguments: received_data: (nil), send_data: (nil), finish: false even when all the data was properly processed.
2026-06-08 18:32:10 -04:00 · 2021-04-14 19:02:50 +03:00 · 2021-04-14 19:02:50 +03:00 · 66432dcd65
commit 66432dcd65
parent 513cdb52ec
1 changed files with 15 additions and 1 deletions
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@ -377,6 +377,9 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 			bool received_shutdown =
 				((SSL_get_shutdown(sock->tlsstream.tls) &
 				  SSL_RECEIVED_SHUTDOWN) != 0);
+			bool sent_shutdown =
+				((SSL_get_shutdown(sock->tlsstream.tls) &
+				  SSL_SENT_SHUTDOWN) != 0);
 			rv = SSL_write_ex(sock->tlsstream.tls,
 					  send_data->uvbuf.base,
 					  send_data->uvbuf.len, &len);
@ -386,7 +389,18 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 				send_data->cb.send(send_data->handle, result,
 						   send_data->cbarg);
 				send_data = NULL;
-				if (!received_shutdown) {
+				/* This situation might occur only when SSL
+				 * shutdown was already sent (see
+				 * tls_send_outgoing()), and we are in the
+				 * process of shutting down the connection (in
+				 * this case tls_senddone() will be called), but
+				 * some code tries to send data over the
+				 * connection and called isc_tls_send(). The
+				 * socket will be detached there, in
+				 * tls_senddone().*/
+				if (sent_shutdown && received_shutdown) {
+					return;
+				} else if (!received_shutdown) {
 					isc__nmsocket_detach(&sock);
 					return;
 				}