The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should both address the original bug and retain compatibility with the old behaviour.
This commit is contained in:
Dr. Stephen Henson
parent
6899d9bbf6
commit
5598b99fb3
3 changed files with 29 additions and 2 deletions
|
|
@ -1836,6 +1836,20 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
|||
continue;
|
||||
/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
|
||||
}
|
||||
if ((buf[0] == 'X') &&
|
||||
((buf[1] == '\n') || (buf[1] == '\r')))
|
||||
{
|
||||
SSL_renegotiate(con);
|
||||
i=SSL_do_handshake(con);
|
||||
printf("SSL_do_handshake1 -> %d\n",i);
|
||||
if (SSL_get_state(con) != SSL_ST_OK)
|
||||
printf("Bad State\n");
|
||||
con->state = SSL_ST_ACCEPT;
|
||||
i=SSL_do_handshake(con);
|
||||
printf("SSL_do_handshake2 -> %d\n",i);
|
||||
i=0; /*13; */
|
||||
continue;
|
||||
}
|
||||
if ((buf[0] == 'R') &&
|
||||
((buf[1] == '\n') || (buf[1] == '\r')))
|
||||
{
|
||||
|
|
|
|||
|
|
@ -979,7 +979,6 @@ start:
|
|||
(s->session != NULL) && (s->session->cipher != NULL))
|
||||
{
|
||||
s->s3->handshake_fragment_len = 0;
|
||||
|
||||
if ((s->s3->handshake_fragment[1] != 0) ||
|
||||
(s->s3->handshake_fragment[2] != 0) ||
|
||||
(s->s3->handshake_fragment[3] != 0))
|
||||
|
|
|
|||
|
|
@ -448,7 +448,21 @@ int ssl3_accept(SSL *s)
|
|||
|
||||
case SSL3_ST_SW_FLUSH:
|
||||
/* number of bytes to be flushed */
|
||||
num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
|
||||
/* This originally and incorrectly called BIO_CTRL_INFO
|
||||
* The reason why this is wrong is mentioned in PR#1949.
|
||||
* Unfortunately, as suggested in that bug some
|
||||
* versions of Apache unconditionally return 0
|
||||
* for BIO_CTRL_WPENDING meaning we don't correctly
|
||||
* flush data and some operations, like renegotiation,
|
||||
* don't work. Other software may also be affected so
|
||||
* call BIO_CTRL_INFO to retain compatibility with
|
||||
* previous behaviour and BIO_CTRL_WPENDING if we
|
||||
* get zero to address the PR#1949 case.
|
||||
*/
|
||||
|
||||
num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
|
||||
if (num1 == 0)
|
||||
num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
|
||||
if (num1 > 0)
|
||||
{
|
||||
s->rwstate=SSL_WRITING;
|
||||
|
|
|
|||
Loading…
Reference in a new issue