From 4256c31ad60386406a7ae803628784fbd47187d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oscar=20Hellstr=C3=B6m?= <oscar.hellstrom@vinnter.se>
Date: Wed, 18 Dec 2024 16:39:19 +0100
Subject: [PATCH] Don't unconditionally shut down the SslStream

OpenSSL doesn't like applications to call SSL_Shutdown on a connection
which either hasn't finished the handshake or has fatal errors. This
commit only addresses the first case.

When using tokio_openssl::SslStream in hyper, and (a)waiting on the conn
returned by for instance hyper::client::conn::http1::handshake(stream)
it returns  "error shutting down connection" with the nested cause
"shutdown while in init" errors if the SSL handshake fails.

This error might not fatal, but it is confusing, and makes it harder
find the actual error one is looking for.
---
 src/lib.rs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/lib.rs b/src/lib.rs
index 47ff62f..04c0ffb 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -269,7 +269,17 @@ where
     }
 
     fn poll_shutdown(mut self: Pin<&mut Self>, ctx: &mut Context) -> Poll<io::Result<()>> {
-        match self.as_mut().with_context(ctx, |s| s.shutdown()) {
+        let maybe_shutdown = |s: &mut openssl::ssl::SslStream<_>| {
+            if s.ssl().is_init_finished() {
+                s.shutdown()
+            } else {
+                // I would really like to return an error with ErrorCode::ZERO_RETURN here,
+                // but there aren't any public methonds to create openssl::error::Error
+                Ok(ShutdownResult::Received)
+            }
+        };
+
+        match self.as_mut().with_context(ctx, maybe_shutdown) {
             Ok(ShutdownResult::Sent) | Ok(ShutdownResult::Received) => {}
             Err(ref e) if e.code() == ErrorCode::ZERO_RETURN => {}
             Err(ref e) if e.code() == ErrorCode::WANT_READ || e.code() == ErrorCode::WANT_WRITE => {