[PATCH] subversion issue #4174 - serf: checkout / export over https errors out with "svn: E730053: Error retrieving REPORT (730053)"

[Lieven Govaerts]

Hi Johan,


as you seem to be the only one encountering issue 4174, would you mind
testing attached serf patch?
You'll have to update serf trunk to r1627 to apply it cleanly.

It fixes the issue for me on Windows 7 with svn trunk and serf trunk.
While I have tested the patches on Mac OS X too, I couldn't reproduce
the original problem.

[[[
Fix https onnection abort issue when using https. This should fix
Subversion issue 4174:
http://subversion.tigris.org/issues/show_bug.cgi?id=4174

When the server sends us a "close notify" SSL Alert indicating that it's
going to close the socket, we have to stop sending on that socket immediately.

Failing to do so will make the server reset the connection, which can result
in an ECONNABORTED error upon next read or write. This seems to happen esp.
on Windows.

* buckets/ssl_buckets.c
  (ssl_decrypt): when SSL_read returns ok but with length 0, a "close notify"
   alert was received. Return APR_EOF to let upstream know that we're done
   with this socket.

* outgoing.c
  (read_from_connection): Add comment to note that SSL alert's are also an
   example of unexpected incoming data.
]]]

regards,

Lieven

Index: outgoing.c
===================================================================
--- outgoing.c  (revision 1627)
+++ outgoing.c  (working copy)
@@ -945,10 +945,12 @@ static apr_status_t read_from_connection(serf_conn
          * 2) Doing the initial SSL handshake - we'll get EAGAIN
          *    as the SSL buckets will hide the handshake from us
          *    but not return any data.
+         * 3) When the server sends us an SSL alert.
          *
          * In these cases, we should not receive any actual user data.
          *
-         * If we see an EOF (due to an expired timeout), we'll reset the
+         * If we see an EOF (due to either an expired timeout or the serer
+         * sending the SSL 'close notify' shutdown alert), we'll reset the
          * connection and open a new one.
          */
         if (request->req_bkt || !request->written) {
Index: buckets/ssl_buckets.c
===================================================================
--- buckets/ssl_buckets.c       (revision 1627)
+++ buckets/ssl_buckets.c       (working copy)
@@ -626,7 +626,15 @@ static apr_status_t ssl_decrypt(void *baton, apr_s
                 break;
             }
         }
-        else {
+        else if (ssl_len == 0 && status == 0) {
+                 /* The server shut down the connection. */
+                 *len = 0;
+#ifdef SSL_VERBOSE
+                 printf("ssl_decrypt: SSL read error: server shut down"\
+                        "connection!\n");
+#endif
+                status = APR_EOF;
+        } else {
             *len = ssl_len;
 #ifdef SSL_VERBOSE
             printf("---\n%.*s\n-(%d)-\n", *len, buf, *len);