SSL data read before error results in successful read.

2026-02-14 01:16:33 +00:00 · 2026-02-11 22:27:51 +00:00
parent 30f85c07c6
commit f87c5e20b2
1 changed files with 13 additions and 2 deletions
--- a/nsock/src/nsock_core.c
+++ b/nsock/src/nsock_core.c
@@ -706,6 +706,7 @@ static int do_actual_read(struct npool *ms, struct nevent *nse) {
  } else {
 #if HAVE_OPENSSL
    /* OpenSSL read */
+    ERR_clear_error();
    while ((buflen = SSL_read(iod->ssl, buf, sizeof(buf))) > 0) {

      if (fs_cat(&nse->iobuf, buf, buflen) == -1) {
@@ -741,14 +742,24 @@ static int do_actual_read(struct npool *ms, struct nevent *nse) {
          /* EOF because of close_notify */
          buflen = 0;
          break;
+        case SSL_ERROR_SSL:
+          /* On an unexpected EOF, the returned error is SSL_ERROR_SSL with a
+           * SSL_R_UNEXPECTED_EOF_WHILE_READING on the error stack */
+          if (SSL_R_UNEXPECTED_EOF_WHILE_READING == ERR_peek_error()) {
+            buflen = 0;
+            break;
+          }
        default:
          assert(err != SSL_ERROR_NONE);
          /* Unexpected error */
          nse->event_done = 1;
          nse->status = NSE_STATUS_ERROR;
          nse->errnum = EIO;
-          nsock_log_info("SSL_read() failed for reason %s on NSI %li",
-              ERR_error_string(err, NULL), iod->id);
+          nsock_log_info("SSL_read() failed for reason %d on NSI %li",
+              err, iod->id);
+          while (err = ERR_get_error()) {
+            nsock_log_info("Additional SSL error: %s", ERR_error_string(err, NULL));
+          }
          return -1;
      }
    }