From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 11 Apr 2019 15:22:52 +0000 (+0200)
Subject: openssl: mark connection for close on TLS close_notify
X-Git-Tag: curl-7_65_0~151
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3f5da4e59a556fc68272a9857a38dd75234d0c04;p=curl

openssl: mark connection for close on TLS close_notify

Without this, detecting and avoid reusing a closed TLS connection
(without a previous GOAWAY) when doing HTTP/2 is tricky.

Reported-by: Tom van der Woerdt
Fixes #3750
Closes #3763
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index eff5c2106..5d2aac7d3 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3756,7 +3756,10 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
 
     switch(err) {
     case SSL_ERROR_NONE: /* this is not an error */
+      break;
     case SSL_ERROR_ZERO_RETURN: /* no more data */
+      /* close_notify alert */
+      connclose(conn, "TLS close_notify");
       break;
     case SSL_ERROR_WANT_READ:
     case SSL_ERROR_WANT_WRITE: