diff --git a/lib/service.c b/lib/service.c index 08177a91..1a41e834 100644 --- a/lib/service.c +++ b/lib/service.c @@ -1047,37 +1047,37 @@ lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd, int t } #ifdef LWS_OPENSSL_SUPPORT - if ((wsi->state == LWSS_SHUTDOWN) && lws_is_ssl(wsi) && wsi->ssl) - { + if ((wsi->state == LWSS_SHUTDOWN) && lws_is_ssl(wsi) && wsi->ssl) { n = SSL_shutdown(wsi->ssl); lwsl_debug("SSL_shutdown=%d for fd %d\n", n, wsi->desc.sockfd); - if (n == 1) - { + switch (n) { + case 1: n = shutdown(wsi->desc.sockfd, SHUT_WR); goto close_and_handled; - } - else if (n == 0) - { - lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); + + case 0: + lws_change_pollfd(wsi, 0, LWS_POLLIN); n = 0; goto handled; - } - else /* n < 0 */ - { - int shutdown_error = SSL_get_error(wsi->ssl, n); - lwsl_debug("SSL_shutdown ret %d, SSL_get_error: %d\n", - n, shutdown_error); - if (shutdown_error == SSL_ERROR_WANT_READ) { - lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); - n = 0; - goto handled; - } else if (shutdown_error == SSL_ERROR_WANT_WRITE) { - lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLOUT); - n = 0; - goto handled; + + default: + n = SSL_get_error(wsi->ssl, n); + if (n != SSL_ERROR_SYSCALL) { + if (SSL_want_read(wsi->ssl)) { + lwsl_debug("(wants read)\n"); + lws_change_pollfd(wsi, 0, LWS_POLLIN); + n = 0; + goto handled; + } + if (SSL_want_write(wsi->ssl)) { + lwsl_debug("(wants write)\n"); + lws_change_pollfd(wsi, 0, LWS_POLLOUT); + n = 0; + goto handled; + } } - // actual error occurred, just close the connection + /* actual error occurred, just close the connection */ n = shutdown(wsi->desc.sockfd, SHUT_WR); goto close_and_handled; } diff --git a/lib/ssl.c b/lib/ssl.c index 0ed64a3f..04921a0b 100644 --- a/lib/ssl.c +++ b/lib/ssl.c @@ -197,10 +197,15 @@ int openssl_websocket_private_data_index, int lws_ssl_get_error(struct lws *wsi, int n) { + int m; + if (!wsi->ssl) return 99; - lwsl_debug("%s: %p %d\n", __func__, wsi->ssl, n); - return SSL_get_error(wsi->ssl, n); + + m = SSL_get_error(wsi->ssl, n); + lwsl_debug("%s: %p %d -> %d\n", __func__, wsi->ssl, n, m); + + return m; } /* Copies a string describing the code returned by lws_ssl_get_error(), @@ -463,20 +468,17 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len) } if (n < 0) { - n = lws_ssl_get_error(wsi, n); - // lwsl_notice("get_ssl_err result %d\n", n); - if (n == SSL_ERROR_WANT_READ || SSL_want_read(wsi->ssl)) { + if (SSL_want_read(wsi->ssl)) { lwsl_debug("%s: WANT_READ\n", __func__); lwsl_debug("%p: LWS_SSL_CAPABLE_MORE_SERVICE\n", wsi); return LWS_SSL_CAPABLE_MORE_SERVICE; } - if (n == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->ssl)) { + if (SSL_want_write(wsi->ssl)) { lwsl_debug("%s: WANT_WRITE\n", __func__); lwsl_debug("%p: LWS_SSL_CAPABLE_MORE_SERVICE\n", wsi); return LWS_SSL_CAPABLE_MORE_SERVICE; } - lwsl_info("%s failed2: %s\n",__func__, ERR_error_string(lws_ssl_get_error(wsi, 0), NULL)); lws_ssl_elaborate_error();