From a42faf1cc21ca64218fc468442e02d439249c25f Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 23 Sep 2018 18:01:38 +0900
Subject: [PATCH] nghttpx: Write TLS alert during handshake

---
 src/shrpx_connection.cc | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc
index 05572698..335e4e48 100644
--- a/src/shrpx_connection.cc
+++ b/src/shrpx_connection.cc
@@ -461,12 +461,21 @@ int Connection::tls_handshake() {
       break;
     case SSL_ERROR_WANT_WRITE:
       break;
-    case SSL_ERROR_SSL:
+    case SSL_ERROR_SSL: {
       if (LOG_ENABLED(INFO)) {
         LOG(INFO) << "tls: handshake libssl error: "
                   << ERR_error_string(ERR_get_error(), nullptr);
       }
+
+      struct iovec iov;
+      auto iovcnt = tls.wbuf.riovec(&iov, 1);
+      auto nwrite = writev_clear(&iov, iovcnt);
+      if (nwrite > 0) {
+        tls.wbuf.drain(nwrite);
+      }
+
       return SHRPX_ERR_NETWORK;
+    }
     default:
       if (LOG_ENABLED(INFO)) {
         LOG(INFO) << "tls: handshake libssl error " << err;