SERVER-47373 Improve handling of empty TLS packets

(cherry picked from commit b0b768dfb4d7957817f5e06920d081a46a3debe9)

1 files changed, 13 insertions, 2 deletions

diff --git a/src/mongo/util/net/ssl/detail/impl/schannel.ipp b/src/mongo/util/net/ssl/detail/impl/schannel.ipp
index 0fcbf547c39..212990903b2 100644
--- a/src/mongo/util/net/ssl/detail/impl/schannel.ipp
+++ b/src/mongo/util/net/ssl/detail/impl/schannel.ipp
@@ -250,8 +250,15 @@ ssl_want SSLHandshakeManager::startShutdown(asio::error_code& ec) {
             return ssl_want::want_nothing;
         }
 
-        // TODO - I have not found a way to hit this code path
-        ASIO_ASSERT(false);
+        _pOutBuffer->reset();
+        _pOutBuffer->append(outputBuffers[0].pvBuffer, outputBuffers[0].cbBuffer);
+
+        if (SEC_E_OK == ss && outputBuffers[0].cbBuffer != 0) {
+            ec = asio::error::eof;
+            return ssl_want::want_output;
+        } else {
+            return ssl_want::want_nothing;
+        }
     }
 
     return ssl_want::want_nothing;
@@ -638,6 +645,10 @@ ssl_want SSLReadManager::decryptBuffer(asio::error_code& ec, DecryptState* pDecr
 
             return ssl_want::want_nothing;
         } else {
+            // Clear the existing TLS packet from the input buffer since it was completely empty
+            // and we have already processed any extra data.
+            _pInBuffer->reset();
+
             // Sigh, this means that the remote side sent us an TLS record with just a encryption
             // header/trailer but no actual data.
             //