From 7eace6af6648e8200e785b977f0667290f25c2e7 Mon Sep 17 00:00:00 2001
From: devgianlu
Date: Sat, 22 Feb 2025 12:46:50 +0100
Subject: [PATCH] LibTLS: Notify `on_ready_to_read` after handling fatal errors The `on_ready_to_read` callback on the underlying socket will be called for various reasons which do not always guarantee that the next read operation will be successful. For example, the server might have sent an alert or a TCP RST. We handle fatal errors on the SSL connection before calling to the user so that `can_read_without_blocking` does not falsely advertise. The same checks should be performed there, but it is not possible due to the function being const.
---
 Libraries/LibTLS/TLSv12.cpp | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/Libraries/LibTLS/TLSv12.cpp b/Libraries/LibTLS/TLSv12.cpp
index 97c65c2c89c..cfc1e37ae9e 100644
--- a/Libraries/LibTLS/TLSv12.cpp
+++ b/Libraries/LibTLS/TLSv12.cpp
@@ -154,6 +154,23 @@ TLSv12::TLSv12(NonnullOwnPtr socket, SSL_CTX* ssl_ctx, SSL* ssl
 , m_socket(move(socket))
 {
 m_socket->on_ready_to_read = [this] {
+ // There is something to read on the underlying TCP connection. This doesn't mean there is actual data to read from the SSL connection.
+ // For example, we might have received an alert or a connection reset.
+
+ char buffer[1];
+ auto ret = SSL_peek(m_ssl, buffer, 1);
+ if (ret <= 0) {
+ switch (SSL_get_error(m_ssl, ret)) {
+ case SSL_ERROR_SSL:
+ case SSL_ERROR_SYSCALL:
+ handle_fatal_error();
+ break;
+ default:
+ break;
+ }
+ }
+
+ // Now that we handled possible fatal errors, we can notify the user that there is data to read.
 if (on_ready_to_read)
 on_ready_to_read();
 };
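Review bot: `SSL_get_error(m_ssl, ret)` is only reliable when the calling thread's OpenSSL error queue was empty before the `SSL_peek` call, and nothing in this hunk clears it. A stale entry left by an earlier failed operation could make a benign `SSL_ERROR_WANT_READ` be reported as `SSL_ERROR_SSL`, so `handle_fatal_error()` would run on a healthy connection; adding `ERR_clear_error();` immediately before `SSL_peek(m_ssl, buffer, 1)` avoids that, unless the other read/write paths (not visible here) already guarantee a clean queue. Separately, the `default:` branch also covers `SSL_ERROR_WANT_READ`, where no application data is available, yet the user callback still fires, so the closing comment would be more accurate as `// Fatal errors are handled; notify the user, whose read may still yield no data.` The constructor body starts and continues outside the hunk.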