From f11c33601519c9ade88a27b7f9ae6a7167673560 Mon Sep 17 00:00:00 2001 From: Felix-Gong Date: Fri, 29 May 2026 08:30:11 +0000 Subject: [PATCH] Fix HTTPS pooled client crash on unexpected SSL EOF When OpenSSL 3.x detects unexpected EOF (peer closed without close_notify), SSL_read returns 0 with SSL_ERROR_SSL. The code didn't return -1, causing error_code=0 to propagate to Controller::SetFailed() which triggers CHECK(false). Fix by returning -1 with errno=ESSL when SSL errors are detected in DoRead(), instead of falling through and returning nr. Discovered during RISC-V porting and integration testing. Fixes #3307 Signed-off-by: Felix Gong --- src/brpc/socket.cpp | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/brpc/socket.cpp b/src/brpc/socket.cpp index 0ca6950428..201861078d 100644 --- a/src/brpc/socket.cpp +++ b/src/brpc/socket.cpp @@ -2133,7 +2133,14 @@ ssize_t Socket::DoRead(size_t size_hint) { default: { const unsigned long e = ERR_get_error(); if (nr == 0) { - // Socket EOF or SSL session EOF + if (ssl_error != SSL_ERROR_ZERO_RETURN) { + // Unexpected EOF without proper SSL shutdown (close_notify) + LOG(WARNING) << "Fail to read from ssl_fd=" << fd() + << ": unexpected ssl_error=" << ssl_error; + errno = ESSL; + return -1; + } + // Clean SSL shutdown (close_notify received) } else if (e != 0) { LOG(WARNING) << "Fail to read from ssl_fd=" << fd() << ": " << SSLError(e); @@ -2146,6 +2153,10 @@ ssize_t Socket::DoRead(size_t size_hint) { BIO_fd_non_fatal_error(saved_errno) != 0 || nr < 0; PLOG_IF(WARNING, is_fatal_error) << "Fail to read from ssl_fd=" << fd(); + if (is_fatal_error) { + errno = ESSL; + return -1; + } errno = saved_errno; } break;