Properly shut down TLS streams.

Refs #6107
Icinga · May 3, 2014 · c37e47f · c37e47f
1 parent 957fdc8
commit c37e47f
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 12 deletions.
diff --git a/lib/base/tlsstream.cpp b/lib/base/tlsstream.cpp
@@ -92,20 +92,19 @@ void TlsStream::Handshake(void)
 {
 	ASSERT(!OwnsLock());
 
-	int rc;
-
 	for (;;) {
-		int rc;
+		int rc, err;
 
 		{
 			ObjectLock olock(this);
 			rc = SSL_do_handshake(m_SSL.get());
-		}
 
-		if (rc > 0)
-			break;
+			if (rc > 0)
+				break;
+
+			err = SSL_get_error(m_SSL.get(), rc);
+		}
 
-		int err = SSL_get_error(m_SSL.get(), rc);
 		switch (err) {
 			case SSL_ERROR_WANT_READ:
 				m_Socket->Poll(true, false);
@@ -134,15 +133,17 @@ size_t TlsStream::Read(void *buffer, size_t count)
 	size_t left = count;
 
 	while (left > 0) {
-		int rc;
+		int rc, err;
 
 		{
 			ObjectLock olock(this);
 			rc = SSL_read(m_SSL.get(), ((char *)buffer) + (count - left), left);
+
+			if (rc <= 0)
+				err = SSL_get_error(m_SSL.get(), rc);
 		}
 
 		if (rc <= 0) {
-			int err = SSL_get_error(m_SSL.get(), rc);
 			switch (err) {
 				case SSL_ERROR_WANT_READ:
 					m_Socket->Poll(true, false);
@@ -173,15 +174,17 @@ void TlsStream::Write(const void *buffer, size_t count)
 	size_t left = count;
 
 	while (left > 0) {
-		int rc;
+		int rc, err;
 
 		{
 			ObjectLock olock(this);
 			rc = SSL_write(m_SSL.get(), ((const char *)buffer) + (count - left), left);
+
+			if (rc <= 0)
+				err = SSL_get_error(m_SSL.get(), rc);
 		}
 
 		if (rc <= 0) {
-			int err = SSL_get_error(m_SSL.get(), rc);
 			switch (err) {
 				case SSL_ERROR_WANT_READ:
 					m_Socket->Poll(true, false);
@@ -208,6 +211,41 @@ void TlsStream::Write(const void *buffer, size_t count)
  */
 void TlsStream::Close(void)
 {
+	ASSERT(!OwnsLock());
+
+	for (;;) {
+		int rc, err;
+
+		{
+			ObjectLock olock(this);
+
+			do {
+				rc = SSL_shutdown(m_SSL.get());
+			} while (rc == 0);
+
+			if (rc > 0)
+				break;
+
+			err = SSL_get_error(m_SSL.get(), rc);
+		}
+
+		switch (err) {
+			case SSL_ERROR_WANT_READ:
+				m_Socket->Poll(true, false);
+				continue;
+			case SSL_ERROR_WANT_WRITE:
+				m_Socket->Poll(false, true);
+				continue;
+			case SSL_ERROR_ZERO_RETURN:
+				Close();
+				return;
+			default:
+				BOOST_THROW_EXCEPTION(openssl_error()
+					<< boost::errinfo_api_function("SSL_shutdown")
+					<< errinfo_openssl_error(ERR_get_error()));
+		}
+	}
+
 	m_Socket->Close();
 }
 

diff --git a/lib/remote/jsonrpc.cpp b/lib/remote/jsonrpc.cpp
@@ -42,7 +42,7 @@ Dictionary::Ptr JsonRpc::ReadMessage(const Stream::Ptr& stream)
 {
 	String jsonString;
 	if (!NetString::ReadStringFromStream(stream, &jsonString))
-		BOOST_THROW_EXCEPTION(std::runtime_error("ReadStringFromStream signalled EOF."));
+		return Dictionary::Ptr();
 
 	//std::cerr << "<< " << jsonString << std::endl;
 	Value value = JsonDeserialize(jsonString);