Backport SSL connect fixes.

Closes #2594.
Closes #2595.

ChangeLog.txt

@@ -22,6 +22,7 @@ Client library:
  cmake version to 3.1, which is still ancient.
 - Fix use of `MOSQ_OPT_TLS_ENGINE` being unable to be used due to the openssl
  ctx not being initialised until starting to connect. Closes #2537.
+- Fix incorrect use of SSL_connect. Closes #2594.
 - Don't set SIGPIPE to ignore, use MSG_NOSIGNAL instead. Closes #2564.
 - Add documentation of struct mosquitto_message to header. Closes #2561.
 

lib/loop.c

@@ -72,12 +72,6 @@ int mosquitto_loop(struct mosquitto *mosq, int timeout, int max_packets)
  if(mosq->ssl){
  if(mosq->want_write){
  FD_SET(mosq->sock, &writefds);
- }else if(mosq->want_connect){
- /* Remove possible FD_SET from above, we don't want to check
- * for writing if we are still connecting, unless want_write is
- * definitely set. The presence of outgoing packets does not
- * matter yet. */
- FD_CLR(mosq->sock, &writefds);
  }
  }
 #endif
@@ -169,17 +163,9 @@ int mosquitto_loop(struct mosquitto *mosq, int timeout, int max_packets)
  FD_SET(mosq->sock, &writefds);
  }
  if(mosq->sock != INVALID_SOCKET && FD_ISSET(mosq->sock, &writefds)){
-#ifdef WITH_TLS
- if(mosq->want_connect){
- rc = net__socket_connect_tls(mosq);
- if(rc) return rc;
- }else
-#endif
- {
- rc = mosquitto_loop_write(mosq, max_packets);
- if(rc || mosq->sock == INVALID_SOCKET){
- return rc;
- }
+ rc = mosquitto_loop_write(mosq, max_packets);
+ if(rc || mosq->sock == INVALID_SOCKET){
+ return rc;
  }
  }
  }
@@ -373,16 +359,6 @@ int mosquitto_loop_read(struct mosquitto *mosq, int max_packets)
  int i;
  if(max_packets < 1) return MOSQ_ERR_INVAL;
 
-#ifdef WITH_TLS
- if(mosq->want_connect){
- rc = net__socket_connect_tls(mosq);
- if (MOSQ_ERR_TLS == rc){
- rc = mosquitto__loop_rc_handle(mosq, rc);
- }
- return rc;
- }
-#endif
-
  pthread_mutex_lock(&mosq->msgs_out.mutex);
  max_packets = mosq->msgs_out.queue_len;
  pthread_mutex_unlock(&mosq->msgs_out.mutex);

lib/mosquitto.c

@@ -334,8 +334,6 @@ bool mosquitto_want_write(struct mosquitto *mosq)
  if(mosq->ssl){
  if (mosq->want_write) {
  result = true;
- }else if(mosq->want_connect){
- result = false;
  }
  }
 #endif

lib/mosquitto_internal.h

@@ -272,7 +272,6 @@ struct mosquitto {
  enum mosquitto__keyform tls_keyform;
 #endif
  bool want_write;
- bool want_connect;
 #if defined(WITH_THREADING) && !defined(WITH_BROKER)
  pthread_mutex_t callback_mutex;
  pthread_mutex_t log_callback_mutex;

lib/net_mosq.c

@@ -569,31 +569,7 @@ int net__socket_connect_tls(struct mosquitto *mosq)
  return MOSQ_ERR_OCSP;
  }
  }
-
- ret = SSL_connect(mosq->ssl);
- if(ret != 1) {
- err = SSL_get_error(mosq->ssl, ret);
- if (err == SSL_ERROR_SYSCALL) {
- mosq->want_connect = true;
- return MOSQ_ERR_SUCCESS;
- }
- if(err == SSL_ERROR_WANT_READ){
- mosq->want_connect = true;
- /* We always try to read anyway */
- }else if(err == SSL_ERROR_WANT_WRITE){
- mosq->want_write = true;
- mosq->want_connect = true;
- }else{
- net__print_ssl_error(mosq);
-
- COMPAT_CLOSE(mosq->sock);
- mosq->sock = INVALID_SOCKET;
- net__print_ssl_error(mosq);
- return MOSQ_ERR_TLS;
- }
- }else{
- mosq->want_connect = false;
- }
+ SSL_set_connect_state(mosq->ssl);
  return MOSQ_ERR_SUCCESS;
 }
 #endif

lib/packet_mosq.c

@@ -236,11 +236,7 @@ int packet__write(struct mosquitto *mosq)
 #endif
 
  state = mosquitto__get_state(mosq);
-#if defined(WITH_TLS) && !defined(WITH_BROKER)
- if(state == mosq_cs_connect_pending || mosq->want_connect){
-#else
  if(state == mosq_cs_connect_pending){
-#endif
  pthread_mutex_unlock(&mosq->current_out_packet_mutex);
  return MOSQ_ERR_SUCCESS;
  }