From e139bde6ae5524514fc431bea9a5b1802dea7ceb Mon Sep 17 00:00:00 2001
From: Deomid Ryabkov <rojer@cesanta.com>
Date: Fri, 11 Dec 2015 09:11:44 +0000
Subject: [PATCH] A couple SSL-related fixes for Mongoose

    PUBLISHED_FROM=03297850f7a620588de851ef86be25e17a04ad28
---
 mongoose.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/mongoose.c b/mongoose.c
index 64c880ca2..bb194c9c7 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -3015,8 +3015,6 @@ static void mg_write_to_socket(struct mg_connection *nc) {
         int ssl_err = mg_ssl_err(nc, n);
         if (ssl_err == SSL_ERROR_WANT_READ || ssl_err == SSL_ERROR_WANT_WRITE) {
           return; /* Call us again */
-        } else {
-          nc->flags |= MG_F_CLOSE_IMMEDIATELY;
         }
       } else {
         /* Successful SSL operation, clear off SSL wait flags */
@@ -3117,8 +3115,16 @@ static void mg_handle_udp_read(struct mg_connection *nc) {
 #ifdef MG_ENABLE_SSL
 static int mg_ssl_err(struct mg_connection *conn, int res) {
   int ssl_err = SSL_get_error(conn->ssl, res);
-  if (ssl_err == SSL_ERROR_WANT_READ) conn->flags |= MG_F_WANT_READ;
-  if (ssl_err == SSL_ERROR_WANT_WRITE) conn->flags |= MG_F_WANT_WRITE;
+  DBG(("%p %d -> %d", conn, res, ssl_err));
+  if (ssl_err == SSL_ERROR_WANT_READ) {
+    conn->flags |= MG_F_WANT_READ;
+  } else if (ssl_err == SSL_ERROR_WANT_WRITE) {
+    conn->flags |= MG_F_WANT_WRITE;
+  } else {
+    /* There could be an alert to deliver. Try our best. */
+    SSL_write(conn->ssl, "", 0);
+    conn->flags |= MG_F_CLOSE_IMMEDIATELY;
+  }
   return ssl_err;
 }
 
-- 
GitLab