From 0b13dba282422eff12c75e7db366ce2dde58db4e Mon Sep 17 00:00:00 2001
From: Matt Klein <mklein@lyft.com>
Date: Sat, 1 Apr 2017 11:45:33 -0700
Subject: [PATCH 1/2] ssl: increment stat when there is a handshake/connection
 error

I think this was lost when we did the bufferevent removal.

Fixes https://github.com/lyft/envoy/issues/637
---
 source/common/ssl/connection_impl.cc    | 1 +
 test/common/ssl/connection_impl_test.cc | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/source/common/ssl/connection_impl.cc b/source/common/ssl/connection_impl.cc
index 2ba3f1647f667..c60b1ca891617 100644
--- a/source/common/ssl/connection_impl.cc
+++ b/source/common/ssl/connection_impl.cc
@@ -119,6 +119,7 @@ Network::ConnectionImpl::PostIoAction ConnectionImpl::doHandshake() {
 }
 
 void ConnectionImpl::drainErrorQueue() {
+  ctx_.stats().connection_error_.inc();
   while (uint64_t err = ERR_get_error()) {
     conn_log_debug("SSL error: {}:{}:{}:{}", *this, err, ERR_lib_error_string(err),
                    ERR_func_error_string(err), ERR_reason_error_string(err));
diff --git a/test/common/ssl/connection_impl_test.cc b/test/common/ssl/connection_impl_test.cc
index 243020e365f74..46330d1c59f7e 100644
--- a/test/common/ssl/connection_impl_test.cc
+++ b/test/common/ssl/connection_impl_test.cc
@@ -248,6 +248,8 @@ TEST(SslConnectionImplTest, SslError) {
       }));
 
   dispatcher.run(Event::Dispatcher::RunType::Block);
+
+  EXPECT_EQ(1UL, stats_store.counter("ssl.connection_error").value());
 }
 
 class SslReadBufferLimitTest : public testing::Test {

From ac6cc0cd7e5fdae7ce82b19f88ff9d06445a246d Mon Sep 17 00:00:00 2001
From: Matt Klein <mklein@lyft.com>
Date: Sat, 1 Apr 2017 11:51:55 -0700
Subject: [PATCH 2/2] fix

---
 source/common/ssl/connection_impl.cc    | 7 ++++++-
 test/common/ssl/connection_impl_test.cc | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/source/common/ssl/connection_impl.cc b/source/common/ssl/connection_impl.cc
index c60b1ca891617..a4d185ee00b00 100644
--- a/source/common/ssl/connection_impl.cc
+++ b/source/common/ssl/connection_impl.cc
@@ -119,8 +119,13 @@ Network::ConnectionImpl::PostIoAction ConnectionImpl::doHandshake() {
 }
 
 void ConnectionImpl::drainErrorQueue() {
-  ctx_.stats().connection_error_.inc();
+  bool saw_error = false;
   while (uint64_t err = ERR_get_error()) {
+    if (!saw_error) {
+      ctx_.stats().connection_error_.inc();
+      saw_error = true;
+    }
+
     conn_log_debug("SSL error: {}:{}:{}:{}", *this, err, ERR_lib_error_string(err),
                    ERR_func_error_string(err), ERR_reason_error_string(err));
     UNREFERENCED_PARAMETER(err);
diff --git a/test/common/ssl/connection_impl_test.cc b/test/common/ssl/connection_impl_test.cc
index 46330d1c59f7e..22cd03e3c8910 100644
--- a/test/common/ssl/connection_impl_test.cc
+++ b/test/common/ssl/connection_impl_test.cc
@@ -346,6 +346,8 @@ class SslReadBufferLimitTest : public testing::Test {
     }
 
     dispatcher.run(Event::Dispatcher::RunType::Block);
+
+    EXPECT_EQ(0UL, stats_store.counter("ssl.connection_error").value());
   }
 };