$OpenBSD: patch-imap_src_osdep_unix_ssl_unix_c,v 1.3 2021/02/04 22:13:23 sthen Exp $

* some popular mail services enforce SNI for TLSv1.3 clients, so send it
* retry SSL_write on blocking socket if we're told to do so.

Index: imap/src/osdep/unix/ssl_unix.c
--- imap/src/osdep/unix/ssl_unix.c.orig
+++ imap/src/osdep/unix/ssl_unix.c
@@ -391,6 +391,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *h
 {
   BIO *bio;
   X509 *cert;
+  int ssl_err;
   unsigned long sl,tl;
   int minv, maxv;
   int masklow, maskhigh;
@@ -459,7 +460,13 @@ static char *ssl_start_work (SSLSTREAM *stream,char *h
   SSL_set_connect_state (stream->con);
   if (SSL_in_init (stream->con)) SSL_total_renegotiations (stream->con);
 				/* now negotiate SSL */
-  if (SSL_write (stream->con,"",0) < 0)
+  do {
+    ssl_err = SSL_write (stream->con,"",0);
+  } while (ssl_err < 0 &&
+      ((SSL_get_error(stream->con, ssl_err) == SSL_ERROR_SYSCALL && errno == EINTR) ||
+       SSL_get_error(stream->con, ssl_err) == SSL_ERROR_WANT_READ ||
+        SSL_get_error(stream->con, ssl_err) == SSL_ERROR_WANT_WRITE));
+  if (ssl_err < 0)
     return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
 				/* need to validate host names? */
   if (!(flags & NET_NOVALIDATECERT) &&
