server: swallow TLS errors in the accept loop (#1990)

* fix: swallow TLS errors in the accept loop * chore: address feedback
hyperium · Oct 15, 2024 · a00200e · a00200e
1 parent 71dcf86
commit a00200e
Showing 1 changed file with 14 additions and 10 deletions.
diff --git a/tonic/src/transport/server/incoming.rs b/tonic/src/transport/server/incoming.rs
@@ -33,7 +33,7 @@ where
         while let Some(item) = incoming.next().await {
             yield match item {
                 Ok(_) => item.map(ServerIo::new_io)?,
-                Err(e) => match handle_accept_error(e) {
+                Err(e) => match handle_tcp_accept_error(e) {
                     ControlFlow::Continue(()) => continue,
                     ControlFlow::Break(e) => Err(e)?,
                 }
@@ -74,11 +74,16 @@ where
                     yield io;
                 }
 
-                SelectOutput::Err(e) => match handle_accept_error(e) {
+                SelectOutput::TcpErr(e) => match handle_tcp_accept_error(e) {
                     ControlFlow::Continue(()) => continue,
                     ControlFlow::Break(e) => Err(e)?,
                 }
 
+                SelectOutput::TlsErr(e) => {
+                    tracing::debug!(error = %e, "tls accept error");
+                    continue;
+                }
+
                 SelectOutput::Done => {
                     break;
                 }
@@ -87,7 +92,7 @@ where
     }
 }
 
-fn handle_accept_error(e: impl Into<crate::Error>) -> ControlFlow<crate::Error> {
+fn handle_tcp_accept_error(e: impl Into<crate::Error>) -> ControlFlow<crate::Error> {
     let e = e.into();
     tracing::debug!(error = %e, "accept loop error");
     if let Some(e) = e.downcast_ref::<io::Error>() {
@@ -97,8 +102,6 @@ fn handle_accept_error(e: impl Into<crate::Error>) -> ControlFlow<crate::Error>
                 | io::ErrorKind::ConnectionReset
                 | io::ErrorKind::BrokenPipe
                 | io::ErrorKind::Interrupted
-                | io::ErrorKind::InvalidData // Raised if TLS handshake failed
-                | io::ErrorKind::UnexpectedEof // Raised if TLS handshake failed
                 | io::ErrorKind::WouldBlock
                 | io::ErrorKind::TimedOut
         ) {
@@ -121,7 +124,7 @@ where
         return match incoming.try_next().await {
             Ok(Some(stream)) => SelectOutput::Incoming(stream),
             Ok(None) => SelectOutput::Done,
-            Err(e) => SelectOutput::Err(e.into()),
+            Err(e) => SelectOutput::TcpErr(e.into()),
         };
     }
 
@@ -130,15 +133,15 @@ where
             match stream {
                 Ok(Some(stream)) => SelectOutput::Incoming(stream),
                 Ok(None) => SelectOutput::Done,
-                Err(e) => SelectOutput::Err(e.into()),
+                Err(e) => SelectOutput::TcpErr(e.into()),
             }
         }
 
         accept = tasks.join_next() => {
             match accept.expect("JoinSet should never end") {
                 Ok(Ok(io)) => SelectOutput::Io(io),
-                Ok(Err(e)) => SelectOutput::Err(e),
-                Err(e) => SelectOutput::Err(e.into()),
+                Ok(Err(e)) => SelectOutput::TlsErr(e),
+                Err(e) => SelectOutput::TlsErr(e.into()),
             }
         }
     }
@@ -148,7 +151,8 @@ where
 enum SelectOutput<A> {
     Incoming(A),
     Io(ServerIo<A>),
-    Err(crate::Error),
+    TcpErr(crate::Error),
+    TlsErr(crate::Error),
     Done,
 }