From a28454ee2193b7c5b4729c056aa4fad533336eaf Mon Sep 17 00:00:00 2001
From: Olivier Houchard <ohouchard@haproxy.com>
Date: Wed, 24 Apr 2019 12:04:36 +0200
Subject: [PATCH] BUG/MEDIUM: ssl: Return -1 on recv/send if we got EAGAIN.

In ha_ssl_read()/ha_ssl_write(), if we couldn't send/receive data because
we got EAGAIN, return -1 and not 0, as older SSL versions expect that.
This should fix the problems with OpenSSL < 1.1.0.
---
 src/ssl_sock.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 58ae8a264..015943ee6 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -271,8 +271,10 @@ static int ha_ssl_write(BIO *h, const char *buf, int num)
 	tmpbuf.data = num;
 	tmpbuf.head = 0;
 	ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
-	if (ret == 0 && !(ctx->conn->flags & CO_FL_ERROR))
+	if (ret == 0 && !(ctx->conn->flags & CO_FL_ERROR)) {
 		BIO_set_retry_write(h);
+		ret = -1;
+	}
 	return ret;
 }
 
@@ -304,8 +306,10 @@ static int ha_ssl_read(BIO *h, char *buf, int size)
 	tmpbuf.data = 0;
 	tmpbuf.head = 0;
 	ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
-	if (ret == 0 && !(ctx->conn->flags & CO_FL_ERROR))
+	if (ret == 0 && !(ctx->conn->flags & CO_FL_ERROR)) {
 		BIO_set_retry_read(h);
+		ret = -1;
+	}
 
 	return ret;
 }