Backport SSL connect fixes.

Closes #2594.
Closes #2595.

ChangeLog.txt

@@ -22,6 +22,7 @@ Client library:
   cmake version to 3.1, which is still ancient.
 - Fix use of `MOSQ_OPT_TLS_ENGINE` being unable to be used due to the openssl
   ctx not being initialised until starting to connect. Closes #2537.
+- Fix incorrect use of SSL_connect. Closes #2594.
 - Don't set SIGPIPE to ignore, use MSG_NOSIGNAL instead. Closes #2564.
 - Add documentation of struct mosquitto_message to header. Closes #2561.
 

lib/loop.c

@@ -72,12 +72,6 @@ int mosquitto_loop(struct mosquitto *mosq, int timeout, int max_packets)
 		if(mosq->ssl){
 			if(mosq->want_write){
 				FD_SET(mosq->sock, &writefds);
-			}else if(mosq->want_connect){
-				/* Remove possible FD_SET from above, we don't want to check
-				 * for writing if we are still connecting, unless want_write is
-				 * definitely set. The presence of outgoing packets does not
-				 * matter yet. */
-				FD_CLR(mosq->sock, &writefds);
 			}
 		}
 #endif
@@ -169,20 +163,12 @@ int mosquitto_loop(struct mosquitto *mosq, int timeout, int max_packets)
 					FD_SET(mosq->sock, &writefds);
 			}
 			if(mosq->sock != INVALID_SOCKET && FD_ISSET(mosq->sock, &writefds)){
-#ifdef WITH_TLS
-				if(mosq->want_connect){
-					rc = net__socket_connect_tls(mosq);
-					if(rc) return rc;
-				}else
-#endif
-				{
 				rc = mosquitto_loop_write(mosq, max_packets);
 				if(rc || mosq->sock == INVALID_SOCKET){
 					return rc;
 				}
 			}
 		}
-		}
 #ifdef WITH_SRV
 		if(mosq->achan){
 			ares_process(mosq->achan, &readfds, &writefds);
@@ -373,16 +359,6 @@ int mosquitto_loop_read(struct mosquitto *mosq, int max_packets)
 	int i;
 	if(max_packets < 1) return MOSQ_ERR_INVAL;
 
-#ifdef WITH_TLS
-	if(mosq->want_connect){
-		rc = net__socket_connect_tls(mosq);
-		if (MOSQ_ERR_TLS == rc){
-			rc = mosquitto__loop_rc_handle(mosq, rc);
-		}
-		return rc;
-	}
-#endif
-
 	pthread_mutex_lock(&mosq->msgs_out.mutex);
 	max_packets = mosq->msgs_out.queue_len;
 	pthread_mutex_unlock(&mosq->msgs_out.mutex);

lib/mosquitto.c

@@ -334,8 +334,6 @@ bool mosquitto_want_write(struct mosquitto *mosq)
 	if(mosq->ssl){
 		if (mosq->want_write) {
 			result = true;
-		}else if(mosq->want_connect){
-			result = false;
 		}
 	}
 #endif

lib/mosquitto_internal.h

@@ -272,7 +272,6 @@ struct mosquitto {
 	enum mosquitto__keyform tls_keyform;
 #endif
 	bool want_write;
-	bool want_connect;
 #if defined(WITH_THREADING) && !defined(WITH_BROKER)
 	pthread_mutex_t callback_mutex;
 	pthread_mutex_t log_callback_mutex;

lib/net_mosq.c

@@ -569,31 +569,7 @@ int net__socket_connect_tls(struct mosquitto *mosq)
 			return MOSQ_ERR_OCSP;
 		}
 	}
-
+	SSL_set_connect_state(mosq->ssl);
-	ret = SSL_connect(mosq->ssl);
-	if(ret != 1) {
-		err = SSL_get_error(mosq->ssl, ret);
-		if (err == SSL_ERROR_SYSCALL) {
-			mosq->want_connect = true;
-			return MOSQ_ERR_SUCCESS;
-		}
-		if(err == SSL_ERROR_WANT_READ){
-			mosq->want_connect = true;
-			/* We always try to read anyway */
-		}else if(err == SSL_ERROR_WANT_WRITE){
-			mosq->want_write = true;
-			mosq->want_connect = true;
-		}else{
-			net__print_ssl_error(mosq);
-
-			COMPAT_CLOSE(mosq->sock);
-			mosq->sock = INVALID_SOCKET;
-			net__print_ssl_error(mosq);
-			return MOSQ_ERR_TLS;
-		}
-	}else{
-		mosq->want_connect = false;
-	}
 	return MOSQ_ERR_SUCCESS;
 }
 #endif

lib/packet_mosq.c

@@ -236,11 +236,7 @@ int packet__write(struct mosquitto *mosq)
 #endif
 
 	state = mosquitto__get_state(mosq);
-#if defined(WITH_TLS) && !defined(WITH_BROKER)
-	if(state == mosq_cs_connect_pending || mosq->want_connect){
-#else
 	if(state == mosq_cs_connect_pending){
-#endif
 		pthread_mutex_unlock(&mosq->current_out_packet_mutex);
 		return MOSQ_ERR_SUCCESS;
 	}