From f9ae69de6204289abc1702ba359fcd9b0387572c Mon Sep 17 00:00:00 2001
From: Mark Benvenuto
Date: Mon, 13 Apr 2020 12:15:53 -0400
Subject: SERVER-47373 Improve handling of empty TLS packets
(cherry picked from commit b0b768dfb4d7957817f5e06920d081a46a3debe9)
---
 src/mongo/util/net/ssl/detail/impl/schannel.ipp | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/mongo/util/net/ssl/detail/impl/schannel.ipp b/src/mongo/util/net/ssl/detail/impl/schannel.ipp
index 0fcbf547c39..212990903b2 100644
--- a/src/mongo/util/net/ssl/detail/impl/schannel.ipp
+++ b/src/mongo/util/net/ssl/detail/impl/schannel.ipp
@@ -250,8 +250,15 @@ ssl_want SSLHandshakeManager::startShutdown(asio::error_code& ec) {
 return ssl_want::want_nothing;
 }
- // TODO - I have not found a way to hit this code path
- ASIO_ASSERT(false);
+ _pOutBuffer->reset();
+ _pOutBuffer->append(outputBuffers[0].pvBuffer, outputBuffers[0].cbBuffer);
+
+ if (SEC_E_OK == ss && outputBuffers[0].cbBuffer != 0) {
+ ec = asio::error::eof;
+ return ssl_want::want_output;
+ } else {
+ return ssl_want::want_nothing;
+ }
 }
 return ssl_want::want_nothing;
@@ -638,6 +645,10 @@ ssl_want SSLReadManager::decryptBuffer(asio::error_code& ec, DecryptState* pDecr
 return ssl_want::want_nothing;
 } else {
+ // Clear the existing TLS packet from the input buffer since it was completely empty
+ // and we have already processed any extra data.
+ _pInBuffer->reset();
+
 // Sigh, this means that the remote side sent us an TLS record with just a encryption
 // header/trailer but no actual data.
 //
--
cgit v1.2.1
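Review bot: In `SSLHandshakeManager::startShutdown`, the new `_pOutBuffer->append(outputBuffers[0].pvBuffer, outputBuffers[0].cbBuffer);` runs before `ss` is compared with `SEC_E_OK`, so on a failing status the output buffer is refilled from a SecBuffer whose contents may not be meaningful. The `else` branch then returns `ssl_want::want_nothing` without setting `ec`, which looks like it reports that failure as success. Keeping the `reset()` where it is but doing the `append` only inside `if (SEC_E_OK == ss && outputBuffers[0].cbBuffer != 0)` would avoid copying from an unvalidated buffer. The function body starts outside the hunk, so an earlier check of `ss` may already cover this; if it does, a one-line comment saying so would help. The success path could also carry a comment explaining why `ec = asio::error::eof` is paired with `want_output`.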
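Review bot: In `SSLReadManager::decryptBuffer`, the added `_pInBuffer->reset();` is only safe if any trailing bytes the decrypt call reported as extra have already been moved out of `_pInBuffer`, and the code that would do that is outside the hunk. The new comment asserts this invariant but nothing visible here enforces it, so a later reordering could silently drop the start of the next TLS record. Consider guarding it with an assertion on the extra-data state, or naming in the comment the call that consumes it. Separately, nothing in view bounds how many consecutive empty records a peer may send; if the surrounding loop has no such limit, a small cap (as other TLS stacks apply) would keep a peer from holding the reader in this branch indefinitely. A regression test that feeds an empty record followed by a non-empty one in the same read would pin the intended behaviour.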