MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY handling results in assertion failure

Open AndrewLipscomb opened this issue 3 years ago • 3 comments

From commit c25026c9

The translation of the MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY error code results in a non-error code being set for the encapsulating socketpp::socket class.

    int translate_mbed_err(int mbedErr) {
        switch (mbedErr) {
            case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
                return 0;   // peer's close_notify is reported as "no error"
            // ... (remaining cases not shown)
        }
    }

This is called from the context of socket->read:

    ssize_t TCPSocket::_read(void *dst, size_t byteCount) {
        Assert(byteCount > 0);
        ssize_t n = _socket->read(dst, byteCount);
        if (n < 0) {
            if (socketToPosixErrCode(_socket->last_error()) == EWOULDBLOCK)
                return 0;
            checkStreamError();
        } else if (n == 0) {
            _eofOnRead = true;
        }
        return n;
    }

Which in checkStreamError will hit the assertion:

    void TCPSocket::checkStreamError() {
        int err = _socket->last_error();
        Assert(err != 0);   // fails when the translated error code is 0
        // ... (rest of function not shown)
    }

You can replicate this pretty simply - hook up a stock CBL to an AWS Load Balancer with default settings - the default 60s timeout will trigger this behaviour. I'm not sure why that error is masked over - I am guessing there is a reason but it's not really commented.

I've not had time to test a newer commit yet - will retry this when I have time. However, a cursory reading of the latest commits seems to follow the same path.

AndrewLipscomb avatar Sep 14 '21 04:09 AndrewLipscomb
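
An added example, not part of the original issue or of the couchbase-lite-core code: a self-contained C++ model of the read path quoted above, showing why a close_notify translated to 0 reaches the assertion, next to one possible alternative that reports the peer's TLS shutdown as end-of-stream. `ModelTlsSocket`, `classify`, the `Outcome` enum and the ECONNRESET mapping are assumptions of the model; the constant stands in for `MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY`.

```cpp
#include <cerrno>
#include <cstdio>
#include <sys/types.h>

// Stand-in for MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY (-0x7880 in the mbedtls headers).
constexpr int kPeerCloseNotify = -0x7880;
constexpr int kOtherTlsFailure = -1;  // constructed: any other TLS-layer failure

// Mapping as quoted in the issue: close_notify collapses to 0 ("no error").
// Mapping every other failure to ECONNRESET is an assumption of this model.
int translate_as_reported(int mbedErr) {
    return mbedErr == kPeerCloseNotify ? 0 : ECONNRESET;
}

// Hypothetical model of the TLS socket wrapper: read() yields -1 on any
// TLS-layer error and records the translated code as last_error.
struct ModelTlsSocket {
    int tlsResult;   // constructed result of the TLS-layer read
    int lastError;
    explicit ModelTlsSocket(int r) : tlsResult(r), lastError(0) {}

    ssize_t read_reported() {
        if (tlsResult >= 0) return tlsResult;
        lastError = translate_as_reported(tlsResult);
        return -1;
    }
    // Alternative: surface the peer's orderly TLS shutdown as EOF (0 bytes).
    ssize_t read_eof_aware() {
        if (tlsResult == kPeerCloseNotify) return 0;
        return read_reported();
    }
};

enum class Outcome { Data, Eof, WouldBlock, StreamError, AssertWouldFire };

// Mirrors the branches of TCPSocket::_read and checkStreamError quoted above.
Outcome classify(ssize_t n, int lastError) {
    if (n > 0) return Outcome::Data;
    if (n == 0) return Outcome::Eof;                    // _eofOnRead = true
    if (lastError == EWOULDBLOCK) return Outcome::WouldBlock;
    return lastError != 0 ? Outcome::StreamError : Outcome::AssertWouldFire;
}

Outcome reported_path(int r)  { ModelTlsSocket s(r); ssize_t n = s.read_reported();  return classify(n, s.lastError); }
Outcome eof_aware_path(int r) { ModelTlsSocket s(r); ssize_t n = s.read_eof_aware(); return classify(n, s.lastError); }

int main() {
    std::printf("reported: %d, eof-aware: %d\n",
                static_cast<int>(reported_path(kPeerCloseNotify)),
                static_cast<int>(eof_aware_path(kPeerCloseNotify)));
    return 0;
}
```

In the model, only the close_notify case changes outcome between the two paths; other TLS failures still surface as stream errors with a non-zero code.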

@pasin I think you addressed this, right?

borrrden avatar Mar 16 '22 02:03 borrrden

The handling for MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY was not revised or fixed.

pasin avatar Mar 16 '22 15:03 pasin

Triaged: CBL-3663

jianminzhao avatar Sep 08 '22 19:09 jianminzhao