LibTLS: Notify on_ready_to_read after handling fatal errors

The `on_ready_to_read` callback on the underlying socket will be called for various reasons which do not always guarantee that the next read operation will be successful. For example, the server might have sent an alert or a TCP RST. We handle fatal errors on the SSL connection before calling to the user so that `can_read_without_blocking` does not falsely advertise. The same checks should be performed there, but it is not possible due to the function being const.
Author: https://github.com/devgianlu Commit: https://github.com/LadybirdBrowser/ladybird/commit/7eace6af664 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/3669 Reviewed-by: https://github.com/alimpfard ✅
2025-04-20 19:45:12 +00:00 · 2025-02-22 12:46:50 +01:00 · 2025-02-22 12:46:50 +01:00 · 7eace6af66 · 2025-02-22 17:40:54 +00:00
commit 7eace6af66
parent 1563054a63
1 changed files with 17 additions and 0 deletions
--- a/Libraries/LibTLS/TLSv12.cpp
+++ b/Libraries/LibTLS/TLSv12.cpp
@ -154,6 +154,23 @@ TLSv12::TLSv12(NonnullOwnPtr<Core::TCPSocket> socket, SSL_CTX* ssl_ctx, SSL* ssl
    , m_socket(move(socket))
 {
    m_socket->on_ready_to_read = [this] {
+        // There is something to read on the underlying TCP connection. This doesn't mean there is actual data to read from the SSL connection.
+        // For example, we might have received an alert or a connection reset.
+
+        char buffer[1];
+        auto ret = SSL_peek(m_ssl, buffer, 1);
+        if (ret <= 0) {
+            switch (SSL_get_error(m_ssl, ret)) {
+            case SSL_ERROR_SSL:
+            case SSL_ERROR_SYSCALL:
+                handle_fatal_error();
+                break;
+            default:
+                break;
+            }
+        }
+
+        // Now that we handled possible fatal errors, we can notify the user that there is data to read.
        if (on_ready_to_read)
            on_ready_to_read();
    };