From e8e5762389c56ba0d794ecc43d8a1b26667c9c56 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Mon, 26 Jun 2023 17:42:09 +0200 Subject: [PATCH] MEDIUM: ssl: handle the SSL_ERROR_ZERO_RETURN during the handshake During a SSL_do_handshake(), SSL_ERROR_ZERO_RETURN can be returned in case the remote peer sent a close_notify alert. Previously this would set the connection error to CO_ER_SSL_HANDSHAKE, this patch sets it to CO_ER_SSL_ABORT to have a more acurate error. --- src/ssl_sock.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index ff0db9d1a..9af57cce1 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5984,6 +5984,14 @@ check_error: #endif /* BoringSSL or LibreSSL */ } goto out_error; + + } else if (ret == SSL_ERROR_ZERO_RETURN) { + /* The peer has closed the SSL session for writing by + * sending a close_notify alert */ + conn_ctrl_drain(conn); + conn->err_code = CO_ER_SSL_ABORT; + goto out_error; + } else { /* Fail on all other handshake errors */
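Review bot: The new `SSL_ERROR_ZERO_RETURN` branch assigns `conn->err_code = CO_ER_SSL_ABORT;` unconditionally, so an error code already recorded on the connection earlier in the handshake would be overwritten and the more specific cause lost from logs and error counters. Whether anything can set `err_code` before this point is not visible in the hunk, but a guard is cheap: `if (!conn->err_code) conn->err_code = CO_ER_SSL_ABORT;`. The comment could also say why `conn_ctrl_drain(conn)` is called before failing, since the branch itself does not make that clear. The `if`/`else` chain this branch joins starts and ends outside the hunk.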