From 76b81c9f8373bff828a0d7b544be8fb7dfabd49f Mon Sep 17 00:00:00 2001
From: samuel40791765
Date: Thu, 1 Feb 2024 23:06:10 +0000
Subject: [PATCH] rearrange check and add aws-lc verification
---
 ssl/ssl_lib.cc | 14 +-------------
 tests/ci/integration/run_bind9_integration.sh | 19 ++++++++++++++++---
 2 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 7a3443d0223..24cfecea100 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -1394,6 +1394,7 @@ int SSL_get_error(const SSL *ssl, int ret_code) {
 case SSL_ERROR_WANT_CERTIFICATE_VERIFY:
 case SSL_ERROR_WANT_RENEGOTIATE:
 case SSL_ERROR_HANDSHAKE_HINTS_READY:
+ case SSL_ERROR_ZERO_RETURN:
 return ssl->s3->rwstate;
 case SSL_ERROR_WANT_READ: {
@@ -1438,19 +1439,6 @@ int SSL_get_error(const SSL *ssl, int ret_code) {
 }
 }
- // An EOF was observed which violates the protocol, and the underlying
- // transport does not participate in the error queue.
- //
- // This was moved earlier in the function by BoringSSL and used to be
- // wrapped with a check for |ret_code| == 0 in OpenSSL 1.0.2. Since
- // OpenSSL 1.1.1, the check for |ret_code| has been removed and we've
- // moved this back before the final return to gain better parity with
- // OpenSSL.
- // See openssl/openssl@8051ab2 for more details.
- if (ssl->s3->rwstate == SSL_ERROR_ZERO_RETURN) {
- return SSL_ERROR_ZERO_RETURN;
- }
-
 return SSL_ERROR_SYSCALL;
 }
diff --git a/tests/ci/integration/run_bind9_integration.sh b/tests/ci/integration/run_bind9_integration.sh
index 7e674fad78e..92ff7dfe64e 100755
--- a/tests/ci/integration/run_bind9_integration.sh
+++ b/tests/ci/integration/run_bind9_integration.sh
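Review bot: The new `case SSL_ERROR_ZERO_RETURN:` label in the `-1394,6 +1394,7` hunk of ssl/ssl_lib.cc has no comment, and the block deleted in the `-1438,19 +1439,6` hunk held the only explanation of why this value is returned without a `ret_code` check and which OpenSSL change it follows. Callers rely on SSL_ERROR_ZERO_RETURN versus SSL_ERROR_SYSCALL to tell an orderly close from an unexpected EOF, so the rationale should stay next to the case, for example `// Peer closed cleanly; returned regardless of |ret_code| for OpenSSL 1.1.1 parity, see openssl/openssl@8051ab2.`. The switch starts outside the hunk, so it cannot be confirmed from here that nothing between the switch and the old location could previously return first. The diffstat shows no unit test in this commit, and one pinning the result for rwstate == SSL_ERROR_ZERO_RETURN would cover the move.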
@@ -24,7 +24,13 @@ AWS_LC_INSTALL_FOLDER="${SCRATCH_FOLDER}/aws-lc-install"
 function bind9_build() {
 autoreconf -fi
- PKG_CONFIG_PATH="${AWS_LC_INSTALL_FOLDER}/lib/pkgconfig" ./configure --with-openssl="${AWS_LC_INSTALL_FOLDER}" --enable-dnstap --enable-dnsrps --with-cmocka --with-libxml2 --enable-leak-detection
+ PKG_CONFIG_PATH="${AWS_LC_INSTALL_FOLDER}/lib/pkgconfig" ./configure \
+ --with-openssl="${AWS_LC_INSTALL_FOLDER}" \
+ --enable-dnstap \
+ --enable-dnsrps \
+ --with-cmocka \
+ --with-libxml2 \
+ --enable-leak-detection
 make -j ${NUM_CPU_THREADS} -k all
 }
@@ -48,7 +54,8 @@ git clone https://gitlab.isc.org/isc-projects/bind9.git ${BIND9_SRC_FOLDER} --de
 mkdir -p ${AWS_LC_BUILD_FOLDER} ${AWS_LC_INSTALL_FOLDER} ${BIND9_BUILD_FOLDER}
 ls
-aws_lc_build ${SRC_ROOT} ${AWS_LC_BUILD_FOLDER} ${AWS_LC_INSTALL_FOLDER} -DBUILD_TESTING=OFF
+aws_lc_build ${SRC_ROOT} ${AWS_LC_BUILD_FOLDER} ${AWS_LC_INSTALL_FOLDER} -DBUILD_TESTING=OFF -DBUILD_TOOL=OFF -DBUILD_SHARED_LIBS=1
+export LD_LIBRARY_PATH="${AWS_LC_INSTALL_FOLDER}/lib"
 # Build bind9 from source.
 pushd ${BIND9_SRC_FOLDER}
@@ -56,5 +63,11 @@ pushd ${BIND9_SRC_FOLDER}
 bind9_patch
 bind9_build
 bind9_run_tests
-popd
+# Iterate through all of bind's vended artifacts.
+for libname in dns ns isc isccc isccfg; do
+ ldd "${BIND9_SRC_FOLDER}/lib/${libname}/.libs/lib${libname}.so" | grep "${AWS_LC_INSTALL_FOLDER}/lib/libcrypto.so" || exit 1
+ ldd "${BIND9_SRC_FOLDER}/lib/${libname}/.libs/lib${libname}.so" | grep "${AWS_LC_INSTALL_FOLDER}/lib/libssl.so" || exit 1
+done
+
+popd
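Review bot: In the `-48,7 +54,8` hunk, `export LD_LIBRARY_PATH="${AWS_LC_INSTALL_FOLDER}/lib"` has no comment, although the ldd check added at the end of the script appears to resolve to the AWS-LC install only because of this export together with `-DBUILD_SHARED_LIBS=1`. A line such as `# Shared AWS-LC libs on LD_LIBRARY_PATH so the ldd check below resolves libcrypto/libssl to this install.` would keep the two from being separated later. The export also replaces any inherited LD_LIBRARY_PATH for everything that follows, including bind9_run_tests. If the CI image depends on an existing value, prepending instead, `export LD_LIBRARY_PATH="${AWS_LC_INSTALL_FOLDER}/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}"`, keeps it.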
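Review bot: The ldd checks in the `-56,5 +63,11` hunk pass the install path to grep as a regular expression and exit with no message, so a CI failure shows only a bare non-zero status. Matching literally and naming the library would make the log readable, e.g. `grep -F "${AWS_LC_INSTALL_FOLDER}/lib/libcrypto.so" || { echo "lib${libname}.so: not linked against AWS-LC libcrypto" >&2; exit 1; }`, and likewise for libssl. The check also shows only that the AWS-LC libraries are among the resolved dependencies, not that no other libcrypto or libssl is loaded alongside them. Asserting that every libcrypto/libssl line in the ldd output points into `${AWS_LC_INSTALL_FOLDER}/lib` would cover that case.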