granicus.if.org Git - apache/commit
SSL_read() doesn't distinguish between return value 0 and <0,
author Rainer Jung <rjung@apache.org>
Mon, 15 Oct 2018 21:14:21 +0000 (21:14 +0000)
committer Rainer Jung <rjung@apache.org>
Mon, 15 Oct 2018 21:14:21 +0000 (21:14 +0000)
commit 5bfbbcf9a23c01f2a6219d00121bcf89cfba1252
tree a7ffebb2ed3fd86cdce3ec2510c938a2afb8a687
parent e931d1d71ddfb40a0eb81601d8884d220663a46c
SSL_read() doesn't distinguish between return value 0 and <0,
at least not for OpenSSL 1.1.1. This is documented in the man
page for SSL_read and led to h2 failures when using OpenSSL 1.1.1.

When no data could be read, our code returned EAGAIN up until
OpenSSL 1.1.0, but APR_EOF for OpenSSL 1.1.1.

Now instead check SSL_get_error() also when SSL_read() returns 0.

To keep changes small, this change should not influence behavior,
when (rc=SSL_read()):
- rc < 0
- rc == 0 && *len > 0
- rc == 0 &&
  (APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc) &&
  inctx->block == APR_NONBLOCK_READ

Behavior changes if
- rc == 0 &&
  !(APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc) &&
  !*len > 0
  Instead of APR_EOF:
  - same behavior as rc < 0 for SSL_ERROR_WANT_READ
  - same behavior as rc < 0 for SSL_ERROR_SYSCALL && APR_STATUS_IS_EAGAIN(inctx->rc)

Another change is that rc == 0 && ssl_err == SSL_ERROR_ZERO_RETURN
also results in APR_EOF.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843954 13f79535-47bb-0310-9956-ffa450edef68
modules/ssl/ssl_engine_io.c
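
The status decision the commit message describes, as an added model that is not code from this commit or from httpd. It links neither OpenSSL nor APR: the enums and function names are hypothetical stand-ins, it covers only the case the message says changes (nothing read yet, socket status not EAGAIN/EINTR), and it assumes a non-blocking read where the rc < 0 path reports EAGAIN for SSL_ERROR_WANT_READ.

```c
/* Added model: every name below is a stand-in, not an OpenSSL or APR symbol. */
#include <stdio.h>

enum ssl_err { E_NONE, E_WANT_READ, E_ZERO_RETURN, E_OTHER }; /* SSL_get_error() results */
enum status  { ST_SUCCESS, ST_EAGAIN, ST_EOF, ST_OTHER };     /* status handed to the caller */

struct read_case {
    int rc;            /* return value of SSL_read() */
    enum ssl_err err;  /* what SSL_get_error() reports for that rc */
};

/* Checks the message refers to as "same behavior as rc < 0". */
static enum status by_ssl_error(const struct read_case *c)
{
    if (c->err == E_WANT_READ)
        return ST_EAGAIN;              /* no data yet, caller should retry */
    if (c->rc == 0 && c->err == E_ZERO_RETURN)
        return ST_EOF;                 /* peer closed the TLS session */
    return ST_OTHER;                   /* cases this model does not cover */
}

/* Before: rc == 0 was reported as EOF without consulting SSL_get_error(). */
enum status classify_before(const struct read_case *c)
{
    if (c->rc > 0)  return ST_SUCCESS;
    if (c->rc == 0) return ST_EOF;
    return by_ssl_error(c);
}

/* After: rc == 0 goes through the same checks as rc < 0. */
enum status classify_after(const struct read_case *c)
{
    return c->rc > 0 ? ST_SUCCESS : by_ssl_error(c);
}

int main(void)
{
    /* Constructed cases: "no data" reported as rc < 0 and as rc == 0, then a close. */
    const struct read_case cases[] = {
        { -1, E_WANT_READ }, { 0, E_WANT_READ }, { 0, E_ZERO_RETURN },
    };
    static const char *name[] = { "SUCCESS", "EAGAIN", "EOF", "OTHER" };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("rc=%2d err=%d  before=%-6s after=%s\n", cases[i].rc, cases[i].err,
               name[classify_before(&cases[i])], name[classify_after(&cases[i])]);
    return 0;
}
```

Only the second case differs between the two functions: the connection is still open, yet the earlier logic reports it as ended.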