Fix OpenSSL runtime shutdown (#53)

In some cases (especially when receiving a response with a close delimited body), the peer closes the connection before we attempt to SSL shutdown, leading to unnecessary reporting of errors such as `Unix.Unix_error(Unix.EBADF)`
anmonteiro · Apr 13, 2020 · c2bdb23 · c2bdb23
1 parent d8bf1bd
commit c2bdb23
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 15 deletions.
diff --git a/lwt-unix/ssl_io_real.ml b/lwt-unix/ssl_io_real.ml
@@ -41,21 +41,25 @@ struct
   type addr = Unix.sockaddr
 
   let close ssl =
-    Lwt_ssl.ssl_shutdown ssl >>= fun () ->
+    let fd = Lwt_ssl.get_fd ssl in
+    match Lwt_unix.state fd with
+    | Closed ->
+      Lwt.return_unit
+    | _ ->
+      Lwt_ssl.ssl_shutdown ssl >>= fun () ->
       Lwt.catch
-      (fun () -> Lwt.wrap2 Lwt_ssl.shutdown ssl Unix.SHUTDOWN_ALL)
-      (function
-       | Unix.Unix_error (Unix.ENOTCONN, _, _) ->
-           Lwt.return_unit
-       | exn -> Lwt.fail exn)
+        (fun () -> Lwt.wrap2 Lwt_ssl.shutdown ssl Unix.SHUTDOWN_ALL)
+        (function
+          | Unix.Unix_error (Unix.ENOTCONN, _, _) ->
+            Lwt.return_unit
+          | exn ->
+            Lwt.fail exn)
       >>= fun () ->
-       let fd = Lwt_ssl.get_fd ssl in
-       match Lwt_unix.state fd with
-       | Lwt_unix.Closed -> Lwt.return_unit
-       | _ ->
-         Lwt.catch
-           (fun () -> Lwt_ssl.close ssl)
-           (fun _exn -> Lwt.return_unit)
+      match Lwt_unix.state fd with
+      | Lwt_unix.Closed ->
+        Lwt.return_unit
+      | _ ->
+        Lwt.catch (fun () -> Lwt_ssl.close ssl) (fun _exn -> Lwt.return_unit)
 
   let read ssl bigstring ~off ~len =
     Lwt.catch

diff --git a/lwt-unix/tls_io_real.ml b/lwt-unix/tls_io_real.ml
@@ -80,8 +80,6 @@ module Io :
 
   let shutdown_receive _tls = ()
 
-  let close tls = Tls_lwt.Unix.close tls
-
   let state tls =
     match Tls_lwt.Unix.epoch tls with `Error -> `Error | `Ok _ -> `Open
 end