Handle TLS handshake timing issue during upgrade (Nordix#11)

Make sure we handle setopt result
sanzor · Jun 13, 2020 · b3b34fe · b3b34fe
1 parent 68120d6
commit b3b34fe
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 8 deletions.
diff --git a/include/eredis.hrl b/include/eredis.hrl
@@ -35,9 +35,8 @@
 
 -define(NL, "\r\n").
 
-%% initial active opt should be 'false' before a possible upgrade to ssl
 -define(SOCKET_MODE, binary).
--define(SOCKET_OPTS, [{active, false}, {packet, raw}, {reuseaddr, false},
+-define(SOCKET_OPTS, [{active, once}, {packet, raw}, {reuseaddr, false},
                       {keepalive, false}, {send_timeout, ?SEND_TIMEOUT}]).
 
 -define(RECV_TIMEOUT, 5000).

diff --git a/src/eredis_client.erl b/src/eredis_client.erl
@@ -361,8 +361,6 @@ connect(State) ->
         {ok, Socket} ->
             case maybe_upgrade_to_tls(Socket, State) of
                 {ok, NewSocket} ->
-                    %% Enter `{active, once}' mode. NOTE: tls/ssl doesn't support `{active, N}'
-                    ok = setopts(NewSocket, State#state.transport, [{active, once}]),
                     case authenticate(NewSocket, State#state.transport, State#state.password) of
                         ok ->
                             case select_database(NewSocket, State#state.transport, State#state.database) of
@@ -382,13 +380,21 @@ connect(State) ->
     end.
 
 maybe_upgrade_to_tls(Socket, #state{transport = tls} = State) ->
-    ssl:connect(Socket, State#state.tls_options, State#state.connect_timeout);
+    %% initial active opt should be 'false' before a possible upgrade to ssl
+    inet:setopts(Socket, [{active, false}]),
+    case ssl:connect(Socket, State#state.tls_options, State#state.connect_timeout) of
+        {ok, NewSocket} ->
+            %% Enter `{active, once}' mode. NOTE: tls/ssl doesn't support `{active, N}'
+            case ssl:setopts(NewSocket, [{active, once}]) of
+                ok -> {ok, NewSocket};
+                Reason -> Reason
+            end;
+        Reason -> Reason
+    end;
+
 maybe_upgrade_to_tls(Socket, _State) ->
     {ok, Socket}.
 
-setopts(Socket, tls, Opts) -> ssl:setopts(Socket, Opts);
-setopts(Socket,   _, Opts) -> inet:setopts(Socket, Opts).
-
 get_addr({local, Path}) ->
     {ok, {local, {local, Path}}};
 get_addr(Hostname) ->