Diff

Differences From Artifact [cd83a9c489]:

To Artifact [562862938f]:


806
807
808
809
810
811
812

813
814
815
816


817
818
819
820
821
822

823
824
825
826
827
828
829
806
807
808
809
810
811
812
813
814



815
816




817

818
819
820
821
822
823
824
825







+

-
-
-
+
+
-
-
-
-

-
+







	if (!(statePtr->flags & TLS_TCL_INIT)) {
		dprintf("Tls_WaitForConnect called on already initialized channel -- returning with immediate success");
		*errorCodePtr = 0;
		return(0);
	}

	if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) {
		dprintf("Asked to wait for a TLS handshake that has already failed.  Returning fatal error");
		/*
		 * We choose ECONNRESET over ECONNABORTED here because some server
		 * side code, on the wiki for example, sets up a read handler that
		 * does a read and if eof closes the channel. There is no catch/try
		 * If we get here, we've already returned a soft-failure once.
		 * Return a hard failure now.
		 * around the reads so exceptions will result in potentially many
		 * dangling channels hanging around that should have been closed.
		 * (Backgroun: ECONNABORTED maps to a Tcl exception and 
		 * ECONNRESET maps to graceful EOF).
		 */
		*errorCodePtr = ECONNRESET;
		*errorCodePtr = ECONNABORTED;
		return(-1);
	}

	for (;;) {
		/* Not initialized yet! */
		if (statePtr->flags & TLS_TCL_SERVER) {
			dprintf("Calling SSL_accept()");
893
894
895
896
897
898
899
900
901
902
903













904
905
906
907

908
909
910
911
912
913
914
889
890
891
892
893
894
895

896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914

915
916
917
918
919
920
921
922







-



+
+
+
+
+
+
+
+
+
+
+
+
+



-
+







			dprintf("The connection is up");
			break;
		case SSL_ERROR_ZERO_RETURN:
			dprintf("SSL_ERROR_ZERO_RETURN: Connect returned an invalid value...")
			return(-1);
		case SSL_ERROR_SYSCALL:
			backingError = ERR_get_error();
			dprintf("I/O error occured");

			if (backingError == 0 && err == 0) {
				dprintf("EOF reached")
				*errorCodePtr = ECONNRESET;
			} else if (backingError == 0 && err == -1) {
				dprintf("I/O error occured (errno = %lu)", (unsigned long) Tcl_GetErrno());
				*errorCodePtr = Tcl_GetErrno();
				if (*errorCodePtr == ECONNRESET) {
					*errorCodePtr = ECONNABORTED;
				}
			} else {
				dprintf("I/O error occured (backingError = %lu)", backingError);
				*errorCodePtr = backingError;
				if (*errorCodePtr == ECONNRESET) {
					*errorCodePtr = ECONNABORTED;
				}
			}

			statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
			*errorCodePtr = ECONNRESET;

			return(-1);
		case SSL_ERROR_SSL:
			dprintf("Got permanent fatal SSL error, aborting immediately");
			Tls_Error(statePtr, (char *)ERR_reason_error_string(ERR_get_error()));
			statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
			*errorCodePtr = ECONNABORTED;
			return(-1);