From c96cd51fe73fddb4e9188e4f857938d33f386664 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodarima@gmail.com>
Date: Sat, 1 Jun 2024 20:31:39 +0200
Subject: Don't call SSL_get_error() with pending data

When a positive non-zero value is returned from SSL_read or SSL_write,
there is data read or written, so there is no need to check for errors.
Only in the case the return value is 0 or negative.
---
 src/IO/tls_openssl.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/IO/tls_openssl.c')

diff --git a/src/IO/tls_openssl.c b/src/IO/tls_openssl.c
index 3e53800d..10a68dbd 100644
--- a/src/IO/tls_openssl.c
+++ b/src/IO/tls_openssl.c
@@ -1272,6 +1272,12 @@ void a_Tls_openssl_connect(int fd, const DilloUrl *url)
  */
 static int Tls_handle_error(Conn_t *conn, int ret, const char *where)
 {
+   /* Success */
+   if (ret > 0) {
+      errno = 0;
+      return ret;
+   }
+
    SSL *ssl = conn->ssl;
    int err1_ret = SSL_get_error(ssl, ret);
    if (err1_ret == SSL_ERROR_NONE) {
-- 
cgit v1.2.3