Update demos/tutorial to distinguish between stream and connection errors

We can use SSL_get_stream_read_state() to distinguish these cases. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21765)
author: Matt Caswell <matt@openssl.org> 2023-08-21 16:11:17 +0200
committer: Matt Caswell <matt@openssl.org> 2023-08-25 12:42:51 +0200
commit: 02e36ed3525a2f0fda1b21e948ec5f522cf9379c (patch)
tree: bba75fcbd024109898a72749bec2be5381d51d54 /demos
parent: Clarify SSL_accept_stream/SSL_new_stream behaviour with a default stream (diff)
download: openssl-02e36ed3525a2f0fda1b21e948ec5f522cf9379c.tar.xz
openssl-02e36ed3525a2f0fda1b21e948ec5f522cf9379c.zip
2 files changed, 81 insertions, 12 deletions
diff --git a/demos/guide/quic-client-block.c b/demos/guide/quic-client-block.c
index be797707f1..54e52d5c28 100644
--- a/demos/guide/quic-client-block.c
+++ b/demos/guide/quic-client-block.c
@@ -251,13 +251,37 @@ int main(void)
      * QUIC terms this means that the peer has sent FIN on the stream to
      * indicate that no further data will be sent.
      */
-    if (SSL_get_error(ssl, 0) != SSL_ERROR_ZERO_RETURN) {
+    switch (SSL_get_error(ssl, 0)) {
+    case SSL_ERROR_ZERO_RETURN:
+        /* Normal completion of the stream */
+        break;
+
+    case SSL_ERROR_SSL:
         /*
-         * Some error occurred other than a graceful close down by the
-         * peer.
+         * Some stream fatal error occurred. This could be because of a stream
+         * reset - or some failure occurred on the underlying connection.
          */
+        switch (SSL_get_stream_read_state(ssl)) {
+        case SSL_STREAM_STATE_RESET_REMOTE:
+            printf("Stream reset occurred\n");
+            /* The stream has been reset but the connection is still healthy. */
+            break;
+
+        case SSL_STREAM_STATE_CONN_CLOSED:
+            printf("Connection closed\n");
+            /* Connection is already closed. Skip SSL_shutdown() */
+            goto end;
+
+        default:
+            printf("Unknown stream failure\n");
+            break;
+        }
+        break;
+
+    default:
+        /* Some other unexpected error occurred */
         printf ("Failed reading remaining data\n");
-        goto end;
+        break;
     }
 
     /*
diff --git a/demos/guide/quic-multi-stream.c b/demos/guide/quic-multi-stream.c
index 7a40d61ad4..86dc6e3502 100644
--- a/demos/guide/quic-multi-stream.c
+++ b/demos/guide/quic-multi-stream.c
@@ -288,13 +288,37 @@ int main(void)
      * QUIC terms this means that the peer has sent FIN on the stream to
      * indicate that no further data will be sent.
      */
-    if (SSL_get_error(stream1, 0) != SSL_ERROR_ZERO_RETURN) {
+    switch (SSL_get_error(stream1, 0)) {
+    case SSL_ERROR_ZERO_RETURN:
+        /* Normal completion of the stream */
+        break;
+
+    case SSL_ERROR_SSL:
         /*
-         * Some error occurred other than a graceful close down by the
-         * peer.
+         * Some stream fatal error occurred. This could be because of a stream
+         * reset - or some failure occurred on the underlying connection.
          */
-        printf ("Failed reading remaining data from stream 1\n");
-        goto end;
+        switch (SSL_get_stream_read_state(stream1)) {
+        case SSL_STREAM_STATE_RESET_REMOTE:
+            printf("Stream reset occurred\n");
+            /* The stream has been reset but the connection is still healthy. */
+            break;
+
+        case SSL_STREAM_STATE_CONN_CLOSED:
+            printf("Connection closed\n");
+            /* Connection is already closed. Skip SSL_shutdown() */
+            goto end;
+
+        default:
+            printf("Unknown stream failure\n");
+            break;
+        }
+        break;
+
+    default:
+        /* Some other unexpected error occurred */
+        printf ("Failed reading remaining data\n");
+        break;
     }
 
     /*
@@ -325,9 +349,30 @@ int main(void)
     printf("\n");
 
     /* Check for errors on the stream */
-    if (SSL_get_error(stream3, 0) != SSL_ERROR_ZERO_RETURN) {
-        printf ("Failed reading remaining data from stream 3\n");
-        goto end;
+    switch (SSL_get_error(stream3, 0)) {
+    case SSL_ERROR_ZERO_RETURN:
+        /* Normal completion of the stream */
+        break;
+
+    case SSL_ERROR_SSL:
+        switch (SSL_get_stream_read_state(stream3)) {
+        case SSL_STREAM_STATE_RESET_REMOTE:
+            printf("Stream reset occurred\n");
+            break;
+
+        case SSL_STREAM_STATE_CONN_CLOSED:
+            printf("Connection closed\n");
+            goto end;
+
+        default:
+            printf("Unknown stream failure\n");
+            break;
+        }
+        break;
+
+    default:
+        printf ("Failed reading remaining data\n");
+        break;
     }
 
     /*
author	Matt Caswell <matt@openssl.org>	2023-08-21 16:11:17 +0200
committer	Matt Caswell <matt@openssl.org>	2023-08-25 12:42:51 +0200
commit	02e36ed3525a2f0fda1b21e948ec5f522cf9379c (patch)
tree	bba75fcbd024109898a72749bec2be5381d51d54 /demos
parent	Clarify SSL_accept_stream/SSL_new_stream behaviour with a default stream (diff)
download	openssl-02e36ed3525a2f0fda1b21e948ec5f522cf9379c.tar.xz openssl-02e36ed3525a2f0fda1b21e948ec5f522cf9379c.zip