From a57ebca127a49869296ee2790e28eb37fdd20488 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 19 May 2021 19:33:34 -0400 Subject: [PATCH] Handle SSL_read changed behavior on server hangup (cherry picked from commit 948e3c5b89fcfdb64ea5af177c7e30a6ce8a477b) --- src/include/k5-trace.h | 2 -- src/lib/krb5/os/sendto_kdc.c | 5 +++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h index 79b5a7a85..7bd385d68 100644 --- a/src/include/k5-trace.h +++ b/src/include/k5-trace.h @@ -395,8 +395,6 @@ void krb5int_trace(krb5_context context, const char *fmt, ...); TRACE(c, "Received answer ({int} bytes) from {raddr}", len, raddr) #define TRACE_SENDTO_KDC_HTTPS_ERROR_CONNECT(c, raddr) \ TRACE(c, "HTTPS error connecting to {raddr}", raddr) -#define TRACE_SENDTO_KDC_HTTPS_ERROR_RECV(c, raddr) \ - TRACE(c, "HTTPS error receiving from {raddr}", raddr) #define TRACE_SENDTO_KDC_HTTPS_ERROR_SEND(c, raddr) \ TRACE(c, "HTTPS error sending to {raddr}", raddr) #define TRACE_SENDTO_KDC_HTTPS_SEND(c, raddr) \ diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c index 0eedec175..e874130d9 100644 --- a/src/lib/krb5/os/sendto_kdc.c +++ b/src/lib/krb5/os/sendto_kdc.c @@ -1320,8 +1320,9 @@ https_read_bytes(krb5_context context, struct conn_state *conn, } else if (st == WANT_WRITE) { cm_write(selstate, conn->fd); } else if (st == ERROR_TLS) { - TRACE_SENDTO_KDC_HTTPS_ERROR_RECV(context, &conn->addr); - kill_conn(context, conn, selstate); + /* In OpenSSL 3, a server hangup is a TLS error. Rely on our decoder + * to handle this instead. */ + return TRUE; } return FALSE; }