From 66432dcd65aea8235845ac0ca59cb62e91ff0e78 Mon Sep 17 00:00:00 2001
From: Artem Boldariev
Date: Wed, 14 Apr 2021 19:02:50 +0300
Subject: [PATCH] Handle a situation when SSL shutdown messages were sent and received

It fixes a corner case which was causing dig to print annoying messages like:
14-Apr-2021 18:48:37.099 SSL error in BIO: 1 TLS error (errno: 0). Arguments: received_data: (nil), send_data: (nil), finish: false
even when all the data was properly processed.
---
 lib/isc/netmgr/tlsstream.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c
index a682ba00f2..a68838a775 100644
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -377,6 +377,9 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 bool received_shutdown =
 ((SSL_get_shutdown(sock->tlsstream.tls) &
 SSL_RECEIVED_SHUTDOWN) != 0);
+ bool sent_shutdown =
+ ((SSL_get_shutdown(sock->tlsstream.tls) &
+ SSL_SENT_SHUTDOWN) != 0);
 rv = SSL_write_ex(sock->tlsstream.tls,
 send_data->uvbuf.base,
 send_data->uvbuf.len, &len);
@@ -386,7 +389,18 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 send_data->cb.send(send_data->handle, result,
 send_data->cbarg);
 send_data = NULL;
- if (!received_shutdown) {
+ /* This situation might occur only when SSL
+ * shutdown was already sent (see
+ * tls_send_outgoing()), and we are in the
+ * process of shutting down the connection (in
+ * this case tls_senddone() will be called), but
+ * some code tries to send data over the
+ * connection and called isc_tls_send(). The
+ * socket will be detached there, in
+ * tls_senddone().*/
+ if (sent_shutdown && received_shutdown) {
+ return;
+ } else if (!received_shutdown) {
 isc__nmsocket_detach(&sock);
 return;
 }
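Review bot: In the first hunk `SSL_get_shutdown()` is now called twice back to back to test two bits of the same value. Reading it once ties both flags to a single snapshot and shortens the declarations, e.g. `const int shutdown_state = SSL_get_shutdown(sock->tlsstream.tls);` followed by `bool sent_shutdown = (shutdown_state & SSL_SENT_SHUTDOWN) != 0;`. The `received_shutdown` declaration just above it would change the same way. tls_do_bio() starts and ends outside the hunk.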
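Review bot: In the second hunk the new comment justifies the early return by the SSL shutdown having been sent, but the condition also requires `received_shutdown`, so the sent-but-not-received case still reaches `isc__nmsocket_detach(&sock)` in the `else if` branch. If tls_senddone() detaches the socket whenever a shutdown was sent, as the comment suggests, that branch would drop the reference a second time; if it does not, the comment should say why the received flag matters. Neither tls_senddone() nor the enclosing error check is visible in this hunk, so this needs confirming against the full function. I would add one sentence to the comment naming who owns the detach for each flag combination, for example `sent && received: detached in tls_senddone(); !received: detached here; received only: falls through`.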