Don't unconditionally shut down the SslStream

OpenSSL doesn't like applications to call SSL_Shutdown on a connection which either hasn't finished the handshake or has fatal errors. This commit only addresses the first case. When using tokio_openssl::SslStream in hyper, and (a)waiting on the conn returned by for instance hyper::client::conn::http1::handshake(stream) it returns "error shutting down connection" with the nested cause "shutdown while in init" errors if the SSL handshake fails. This error might not fatal, but it is confusing, and makes it harder find the actual error one is looking for.
tokio-rs · Dec 18, 2024 · 4256c31 · 4256c31
1 parent 70edf38
commit 4256c31
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/src/lib.rs b/src/lib.rs
@@ -269,7 +269,17 @@ where
     }
 
     fn poll_shutdown(mut self: Pin<&mut Self>, ctx: &mut Context) -> Poll<io::Result<()>> {
-        match self.as_mut().with_context(ctx, |s| s.shutdown()) {
+        let maybe_shutdown = |s: &mut openssl::ssl::SslStream<_>| {
+            if s.ssl().is_init_finished() {
+                s.shutdown()
+            } else {
+                // I would really like to return an error with ErrorCode::ZERO_RETURN here,
+                // but there aren't any public methonds to create openssl::error::Error
+                Ok(ShutdownResult::Received)
+            }
+        };
+
+        match self.as_mut().with_context(ctx, maybe_shutdown) {
             Ok(ShutdownResult::Sent) | Ok(ShutdownResult::Received) => {}
             Err(ref e) if e.code() == ErrorCode::ZERO_RETURN => {}
             Err(ref e) if e.code() == ErrorCode::WANT_READ || e.code() == ErrorCode::WANT_WRITE => {