#68 Gracefully handle unexpected EOFs with OpenSSL 3.0?

[movq]

Hi,

I keep getting the following error on every run of mbsync:

Socket error: secure read from imap.gmail.com (...:993): error:0A000126:SSL routines::unexpected eof while reading

This started happening as soon as I upgraded/switched to OpenSSL 3.0. With OpenSSL 1.1, this message does not show up.

The manpage of SSL_get_error for OpenSSL 3.0 contains this paragraph:

Some TLS implementations do not send a close_notify alert on
shutdown.

On an unexpected EOF, versions before OpenSSL 3.0 returned
SSL_ERROR_SYSCALL, nothing was added to the error stack, and
errno was 0.  Since OpenSSL 3.0 the returned error is
SSL_ERROR_SSL with a meaningful error on the error stack.

And in isync's socket.c, there is this section around line 90 in ssl_return():

    case SSL_ERROR_SSL:
        print_ssl_socket_errors( func, conn );
        break;
    case SSL_ERROR_SYSCALL:
        if (print_ssl_socket_errors( func, conn ))
            break;
        if (ret == 0) {
    case SSL_ERROR_ZERO_RETURN:
            /* Callers take the short path out, so signal higher layers from here. */
            conn->state = SCK_EOF;
            conn->read_callback( conn->callback_aux );
            return -1;
        }
        sys_error( "Socket error: secure %s %s", func, conn->name );
        break;

I suspect that the intention here was to gracefully ignore unexpected EOFs (SSL_ERROR_SYSCALL and ret == 0). OpenSSL's behaviour has changed with 3.0 and we now end up in the SSL_ERROR_SSL case, thus printing an error.

Would you consider gracefully handling unexpected EOFs with OpenSSL 3.0 as well?

Thanks!

[movq]

Oh, sorry, I've just seen the thread on the mailing list regarding this issue.

https://sourceforge.net/p/isync/mailman/message/37731764/

[Oswald Buddenhagen]

fixed in commit b6c36624.