This is an automated email from the ASF dual-hosted git repository.

xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx-apps.git

commit 690d8bddceb4d212edd33e70e22ade0d0c6fb5a9
Author: makejian <[email protected]>
AuthorDate: Wed Aug 13 19:30:14 2025 +0800

    crypto/openssl-wrapper: fix SSL error code mapping
    
    Map mbedtls error codes to OpenSSL standard return codes in
    SSL_connect/SSL_do_handshake:
    - Return 1 on success
    - Return 0 on controlled shutdown
    - Return -1 on fatal error (was returning mbedtls error codes)
    
    This aligns the return values with OpenSSL specification where
    SSL_get_error() should be called to get the actual error reason.
    
    Signed-off-by: makejian <[email protected]>
---
 crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.c 
b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.c
index 84ba2345e..4924969c9 100644
--- a/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.c
+++ b/crypto/openssl_mbedtls_wrapper/mbedtls/ssl_pm.c
@@ -368,17 +368,21 @@ int ssl_pm_handshake(SSL *ssl)
     }
 
   /* OpenSSL return codes:
-   *   0 = did not complete, but may be retried
+   *   0 = The TLS/SSL handshake was not successful but was shut down
+   *       controlled and by the specifications of the TLS/SSL protocol.
    *   1 = successfully completed
-   *   <0 = death
+   *   <0 = The TLS/SSL handshake was not successful because a fatal error
+   *        occurred either at the protocol level or a connection failure
+   *        occurred.
    */
 
   if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE)
     {
-      ssl->err = ret;
+      ssl->err = (ret == MBEDTLS_ERR_SSL_WANT_READ) ? SSL_ERROR_WANT_READ :
+                                                      SSL_ERROR_WANT_WRITE;
       SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL,
                 "mbedtls_ssl_handshake() return -0x%x", -ret);
-      return 0; /* OpenSSL: did not complete but may be retried */
+      return -1;
     }
 
   if (ret == 0)
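Review bot: The return-code comment at the top of this hunk describes `<0` only as a fatal error, yet the WANT_READ/WANT_WRITE branch right below it now returns -1 for a condition that is retryable. The `<0` entry should say so, for example by appending `It can also mean further action is needed to continue (non-blocking I/O); call SSL_get_error() to find out the reason.` Callers that used to treat 0 as "retry" will now see -1. Any call site that tears the connection down on a negative return without checking SSL_get_error() would abort handshakes on non-blocking sockets; those call sites are not visible here and are worth auditing. The body of ssl_pm_handshake starts and ends outside the hunk.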
@@ -397,7 +401,7 @@ int ssl_pm_handshake(SSL *ssl)
     {
       ssl->err = ret == MBEDTLS_ERR_SSL_WANT_READ;
 
-      return 0;
+      return -1;
     }
 
   SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL,
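Review bot: The unchanged line `ssl->err = ret == MBEDTLS_ERR_SSL_WANT_READ;` stores the result of a comparison (0 or 1) in ssl->err, while the first hunk now stores SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. Since this branch now returns -1 and the commit message directs callers to SSL_get_error(), that 0/1 value is presumably what they will get back, and it is unlikely to equal either SSL_ERROR_WANT_* constant. If this branch handles the same two mbedtls results (its condition is outside the hunk), use the same mapping as above: `ssl->err = (ret == MBEDTLS_ERR_SSL_WANT_READ) ? SSL_ERROR_WANT_READ : SSL_ERROR_WANT_WRITE;`. Otherwise a caller may treat a retryable handshake as failed, or a failed one as having no error.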
