From 7a1dfe7cb14191fed344c07ff72f03cdbed8be1c Mon Sep 17 00:00:00 2001 From: Felix-Gong Date: Sun, 31 May 2026 07:37:09 +0000 Subject: [PATCH] Fix HTTPS pooled client crash on unexpected SSL EOF When OpenSSL 3.x detects unexpected EOF (peer closed without close_notify), SSL_read returns 0 with SSL_ERROR_SSL. The code didn't return -1, causing error_code=0 to propagate to Controller::SetFailed() which triggers CHECK(false). Fix by returning -1 with errno=ESSL when SSL errors are detected in DoRead(), instead of falling through and returning nr. Discovered during RISC-V porting and integration testing. Fixes #3307 Signed-off-by: Felix Gong --- src/brpc/socket.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/brpc/socket.cpp b/src/brpc/socket.cpp index 0ca6950428..aa349ec8c3 100644 --- a/src/brpc/socket.cpp +++ b/src/brpc/socket.cpp @@ -2133,7 +2133,14 @@ ssize_t Socket::DoRead(size_t size_hint) { default: { const unsigned long e = ERR_get_error(); if (nr == 0) { - // Socket EOF or SSL session EOF + if (ssl_error != SSL_ERROR_ZERO_RETURN) { + // Unexpected EOF without proper SSL shutdown (close_notify) + LOG(WARNING) << "Fail to read from ssl_fd=" << fd() + << ": unexpected ssl_error=" << ssl_error; + errno = ESSL; + return -1; + } + // Clean SSL shutdown (close_notify received) } else if (e != 0) { LOG(WARNING) << "Fail to read from ssl_fd=" << fd() << ": " << SSLError(e);