openssl: mark connection for close on TLS close_notify

Without this, detecting and avoid reusing a closed TLS connection
(without a previous GOAWAY) when doing HTTP/2 is tricky.

Reported-by: Tom van der Woerdt
Fixes #3750
Closes #3763

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index eff5c2106c422889d5abc7ad6805c119df12b2a1..5d2aac7d383c64f928f24f4f9a019c6bc3308bef 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3756,7 +3756,10 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
 
     switch(err) {
     case SSL_ERROR_NONE: /* this is not an error */
+      break;
     case SSL_ERROR_ZERO_RETURN: /* no more data */
+      /* close_notify alert */
+      connclose(conn, "TLS close_notify");
       break;
     case SSL_ERROR_WANT_READ:
     case SSL_ERROR_WANT_WRITE: