fix(ssl) fix ssl shutdown (oven-sh#12492)

Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
luqmanoop · Jul 11, 2024 · 4c87406 · 4c87406
1 parent 5f7b96b
commit 4c87406
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 3 deletions.
diff --git a/packages/bun-usockets/src/crypto/openssl.c b/packages/bun-usockets/src/crypto/openssl.c
@@ -1740,15 +1740,20 @@ void us_internal_ssl_socket_shutdown(struct us_internal_ssl_socket_t *s) {
     loop_ssl_data->ssl_socket = &s->s;
 
     loop_ssl_data->msg_more = 0;
-
     // sets SSL_SENT_SHUTDOWN no matter what (not actually true if error!)
     int ret = SSL_shutdown(s->ssl);
     if (ret == 0) {
       ret = SSL_shutdown(s->ssl);
     }
 
-    if (ret < 0) {
+    if (SSL_in_init(s->ssl) || SSL_get_quiet_shutdown(s->ssl)) {
+      // when SSL_in_init or quiet shutdown in BoringSSL, we call shutdown
+      // directly
+      us_socket_shutdown(0, &s->s);
+      return;
+    }
 
+    if (ret < 0) {
       int err = SSL_get_error(s->ssl, ret);
       if (err == SSL_ERROR_SSL || err == SSL_ERROR_SYSCALL) {
         // clear

diff --git a/src/deps/boringssl.translated.zig b/src/deps/boringssl.translated.zig
@@ -19162,7 +19162,6 @@ pub const SSL_CTX = opaque {
         if (auto_crypto_buffer_pool == null) auto_crypto_buffer_pool = CRYPTO_BUFFER_POOL_new();
         SSL_CTX_set0_buffer_pool(ctx, auto_crypto_buffer_pool);
         _ = SSL_CTX_set_cipher_list(ctx, SSL_DEFAULT_CIPHER_LIST);
-        SSL_CTX_set_quiet_shutdown(ctx, 1);
     }
 
     pub inline fn setCustomVerify(this: *SSL_CTX, cb: ?VerifyCallback) void {

diff --git a/test/js/web/fetch/fetch.tls.test.ts b/test/js/web/fetch/fetch.tls.test.ts
@@ -225,3 +225,36 @@ it("fetch should respect rejectUnauthorized env", async () => {
     expect(exitCode2).toBe(1);
   });
 });
+
+it("fetch timeout works on tls", async () => {
+  using server = Bun.serve({
+    tls: cert1,
+    hostname: "localhost",
+    port: 0,
+    rejectUnauthorized: false,
+    async fetch() {
+      async function* body() {
+        yield "Hello, ";
+        await Bun.sleep(500); // should only take 200ms
+        yield "World!";
+      }
+      return new Response(body);
+    },
+  });
+  const start = performance.now();
+  const TIMEOUT = 200;
+  const THRESHOLD = 100;
+
+  try {
+    await fetch(server.url, {
+      signal: AbortSignal.timeout(TIMEOUT),
+      tls: { ca: cert1.cert },
+    }).then(res => res.text());
+  } catch (e) {
+    expect(e.name).toBe("TimeoutError");
+  } finally {
+    const total = performance.now() - start;
+    expect(total).toBeGreaterThan(TIMEOUT - THRESHOLD);
+    expect(total).toBeLessThan(TIMEOUT + THRESHOLD);
+  }
+});