From 1fef5922da63125e3ac262aa3d8360210a9edb1f Mon Sep 17 00:00:00 2001
From: Kevin Burke
Date: Tue, 2 Nov 2021 22:50:07 -0700
Subject: vtls/rustls: handle RUSTLS_RESULT_PLAINTEXT_EMPTY

Previously we'd return CURLE_READ_ERROR if we received this, instead of triggering the error handling logic that's present in the next if block down. After this change, curl requests to https://go.googlesource.com using HTTP/2 complete successfully.

Fixes #7949
Closes #7948
---
 lib/vtls/rustls.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index 338dc7246..9944d9ac4 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -161,20 +161,17 @@ cr_recv(struct Curl_easy *data, int sockindex,
 (uint8_t *)plainbuf + plain_bytes_copied,
 plainlen - plain_bytes_copied,
 &n);
- if(rresult == RUSTLS_RESULT_ALERT_CLOSE_NOTIFY) {
+ if(n == 0) {
 *err = CURLE_OK;
 return 0;
 }
- else if(rresult != RUSTLS_RESULT_OK) {
+ else if(rresult != RUSTLS_RESULT_OK &&
+ rresult != RUSTLS_RESULT_PLAINTEXT_EMPTY) {
 failf(data, "error in rustls_connection_read");
 *err = CURLE_READ_ERROR;
 return -1;
 }
- else if(n == 0) {
- /* rustls returns 0 from connection_read to mean "all currently
- available data has been read." If we bring in more ciphertext with
- read_tls, more plaintext will become available. So don't tell curl
- this is an EOF. Instead, say "come back later." */
+ else if(rresult == RUSTLS_RESULT_PLAINTEXT_EMPTY) {
 infof(data, "cr_recv got 0 bytes of plaintext");
 backend->data_pending = FALSE;
 break;
-- 
cgit v1.2.1
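Review bot: The new `if(n == 0)` test runs before `rresult` is examined, so a failed rustls_connection_read() that leaves `n` at zero is reported as a clean EOF (`*err = CURLE_OK; return 0;`) instead of CURLE_READ_ERROR, and the caller cannot tell a broken or truncated TLS stream from an orderly close. The same ordering means the `RUSTLS_RESULT_PLAINTEXT_EMPTY` branch is reached only when `n` is non-zero, which presumably relies on `n` not being written for that result; whether `n` is reset on each iteration is not visible, since cr_recv starts and ends outside the hunk. I would test the result first and accept zero bytes as EOF only on success, for example `else if(rresult == RUSTLS_RESULT_OK && n == 0)` placed after the error branch. The removed comment on what a zero-length read means should be replaced by one stating the new contract (which result codes mean "come back later" and which mean EOF) rather than dropped.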