Merge pull request apache#37 from Edge/TS-3667

Bryan Call · Bryan Call · commit fc4d88b3fec8 · 2015-06-05T09:14:28.000-07:00
TS-3667: SSL Handshake read does not correctly handle EOF and error cases.
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,8 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache Traffic Server 6.0.0
 
+  *) [TS-3667] Make SSL Handhake read correctly handle EOF and error cases.
+
   *) [TS-3560] Make proxy.config.http.slow.log.threshold overridable
 
   *) [TS-3378] SpdyRequest used after free()
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
@@ -347,11 +347,6 @@ SSLNetVConnection::read_raw_data()
     if (r <= 0) {
       if (r == -EAGAIN || r == -ENOTCONN) {
         NET_INCREMENT_DYN_STAT(net_calls_to_read_nodata_stat);
-        return r;
-      }
-
-      if (!r || r == -ECONNRESET) {
-        return r;
       }
       return r;
     }
@@ -960,7 +955,22 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err)
   if (BIO_eof(SSL_get_rbio(this->ssl))) { // No more data in the buffer
     // Read from socket to fill in the BIO buffer with the
     // raw handshake data before calling the ssl accept calls.
-    this->read_raw_data();
+    int retval = this->read_raw_data();
+    if (retval < 0) {
+      if (retval == -EAGAIN) {
+         // No data at the moment, hang tight
+         SSLDebugVC(this, "SSL handshake: EAGAIN");
+         return SSL_HANDSHAKE_WANT_READ;
+      } else {
+         // An error, make us go away
+         SSLDebugVC(this, "SSL handshake error: read_retval=%d", retval);
+         return EVENT_ERROR;
+      }
+    } else if (retval == 0) {
+      // EOF, go away, we stopped in the handshake
+      SSLDebugVC(this, "SSL handshake error: EOF");
+      return EVENT_ERROR;
+    }
   }
 
   ssl_error_t ssl_error = SSLAccept(ssl);
