MariaDB Connector/C / CONC-693

ma_tls_async_check_result improperly considers return value of 0 from SSL_read/write as success

Details

    Description

      While debugging an issue with proxysql which leverages the mariadb client library I found that ma_tls_async_check_result() improperly considers a return value of 0 from SSL_read/write as success. I filed the following pull request via github, but haven't seen any movement on it so found this Jira project and decided to see if this is the proper place to file these sorts of issues.

      Please let me know if you need more information about the issue. This is my first proposed patch to mariadb.

      https://github.com/mariadb-corporation/mariadb-connector-c/pull/243

      SSL_read man page states:

      Return Values
      The following return values can occur:

      >0
      The read operation was successful; the return value is the number of bytes actually read from the TLS/SSL connection.

      0
      The read operation was not successful. The reason may either be a clean shutdown due to a "close notify" alert sent by the peer (in which case the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set (see ssl_shutdown(3), ssl_set_shutdown(3)). It is also possible, that the peer simply shut down the underlying transport and the shutdown is incomplete. Call SSL_get_error() with the return value ret to find out, whether an error occurred or the connection was shut down cleanly ( SSL_ERROR_ZERO_RETURN ).

      SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only be detected, whether the underlying connection was closed. It cannot be checked, whether the closure was initiated by the peer or by something else.
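The return-value rule quoted above, as an added example that is not code from this report, the pull request, or MariaDB Connector/C: a lax result check that accepts 0 as success beside a strict one that consults the SSL_get_error() code. The names `classify_lax`, `classify_strict`, `io_outcome` and the `EX_` constants are hypothetical; the constants mirror OpenSSL's `SSL_ERROR_*` values so the example builds without OpenSSL.

```c
#include <stdio.h>

/* Local copies of OpenSSL's SSL_get_error() codes (same numeric values as
   SSL_ERROR_* in <openssl/ssl.h>); assumption: defined here to avoid linking. */
enum { EX_NONE = 0, EX_SSL = 1, EX_WANT_READ = 2, EX_WANT_WRITE = 3,
       EX_SYSCALL = 5, EX_ZERO_RETURN = 6 };

/* Hypothetical outcome of one non-blocking SSL_read/SSL_write attempt. */
typedef enum { IO_DONE, IO_WAIT_READ, IO_WAIT_WRITE, IO_CLOSED_CLEAN, IO_FAILED } io_outcome;

/* Lax check: any non-negative return counts as success, so 0 is never examined. */
static io_outcome classify_lax(int ret, int ssl_err)
{
    if (ret >= 0) return IO_DONE;
    if (ssl_err == EX_WANT_READ) return IO_WAIT_READ;
    if (ssl_err == EX_WANT_WRITE) return IO_WAIT_WRITE;
    return IO_FAILED;
}

/* Strict check: only ret > 0 is success; 0 and negatives go through the error code. */
static io_outcome classify_strict(int ret, int ssl_err)
{
    if (ret > 0) return IO_DONE;
    switch (ssl_err) {
    case EX_WANT_READ:   return IO_WAIT_READ;
    case EX_WANT_WRITE:  return IO_WAIT_WRITE;
    case EX_ZERO_RETURN: return IO_CLOSED_CLEAN;  /* peer sent close_notify */
    default:             return IO_FAILED;        /* any other code is an error */
    }
}

int main(void)
{
    /* Constructed (ret, error code) pairs, not captured from a real session. */
    static const struct { int ret, err; const char *what; } cases[] = {
        { 128, EX_NONE,        "data read" },
        { -1,  EX_WANT_READ,   "would block on read" },
        { 0,   EX_ZERO_RETURN, "clean shutdown" },
        { 0,   EX_SYSCALL,     "shutdown without close_notify" },
    };
    static const char *name[] = { "DONE", "WAIT_READ", "WAIT_WRITE", "CLOSED_CLEAN", "FAILED" };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-30s ret=%4d  lax=%-12s strict=%s\n", cases[i].what, cases[i].ret,
               name[classify_lax(cases[i].ret, cases[i].err)],
               name[classify_strict(cases[i].ret, cases[i].err)]);
    return 0;
}
```

The two rows with `ret` equal to 0 are where the checks disagree: the lax version reports a completed operation on a connection that is already gone.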

        Activity

          johunt Josh Hunt added a comment -

          @serg thanks for taking a look at this ticket. Is it ok to use the pull request I filed on github, or should I submit one to this ticket?

          serg Sergei Golubchik added a comment - Yes, sure, it's fine. I've added the issue key to the PR title, hopefully Jira will pick it up now. But even if not — you put the link in the description, it's enough, thanks!

          People

            georg Georg Richter
            johunt Josh Hunt