tls-gnutls.c: Handle rehandshake error in _httpTLSRead

zdohnal · zdohnal · commit 0fe488ad845f · 2026-03-09T10:28:39.000+01:00
Per GNUTLS manual, `gnutls_record_recv()` can get GNUTLS_E_REHANDSHAKE
and if it is HTTP client, we should not close the connection and ignore
the error. The server can terminate the connection as before.
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
@@ -1613,25 +1613,37 @@ _httpTLSRead(http_t *http,		// I - Connection to server
 
   result = gnutls_record_recv(http->tls, buf, (size_t)len);
 
+  // Convert GNU TLS error to errno value...
   if (result < 0)
   {
-    // Convert GNU TLS error to errno value...
     switch (result)
     {
       case GNUTLS_E_INTERRUPTED :
 	  errno = EINTR;
 	  break;
 
       case GNUTLS_E_AGAIN :
-          errno = EAGAIN;
-          break;
+	  errno = EAGAIN;
+	  break;
+
+      case GNUTLS_E_REHANDSHAKE :
+	  // if used in client, ignore the error
+	  if (http->mode == _HTTP_MODE_CLIENT)
+	  {
+	    errno = 0;
+	    result = 0;
+	  }
+	  else
+	  {
+	    // terminate the session as server
+	    errno = EPIPE;
+	  }
+	  break;
 
       default :
-          errno = EPIPE;
-          break;
+	  errno = EPIPE;
+	  break;
     }
-
-    result = -1;
   }
 
   return ((int)result);
@@ -2032,15 +2044,13 @@ _httpTLSWrite(http_t     *http,		// I - Connection to server
 	  break;
 
       case GNUTLS_E_AGAIN :
-          errno = EAGAIN;
-          break;
+	  errno = EAGAIN;
+	  break;
 
       default :
-          errno = EPIPE;
-          break;
+	  errno = EPIPE;
+	  break;
     }
-
-    result = -1;
   }
 
   DEBUG_printf("5_httpTLSWrite: Returning %d.", (int)result);
