From 5598b99fb324ab97e5ea196d5eacddaed0e054c6 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sun, 24 Jan 2010 13:50:57 +0000
Subject: [PATCH] The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should both address the original bug and retain compatibility with the old behaviour.
---
 apps/s_server.c | 14 ++++++++++++++
 ssl/s3_pkt.c | 1 -
 ssl/s3_srvr.c | 16 +++++++++++++++-
 3 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/apps/s_server.c b/apps/s_server.c
index 88b308ca38..f44bf5e840 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1836,6 +1836,20 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 continue;
 /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
 }
+ if ((buf[0] == 'X') &&
+ ((buf[1] == '\n') || (buf[1] == '\r')))
+ {
+ SSL_renegotiate(con);
+ i=SSL_do_handshake(con);
+ printf("SSL_do_handshake1 -> %d\n",i);
+ if (SSL_get_state(con) != SSL_ST_OK)
+ printf("Bad State\n");
+ con->state = SSL_ST_ACCEPT;
+ i=SSL_do_handshake(con);
+ printf("SSL_do_handshake2 -> %d\n",i);
+ i=0; /*13; */
+ continue;
+ }
 if ((buf[0] == 'R') &&
 ((buf[1] == '\n') || (buf[1] == '\r')))
 {
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index a2ba5748d5..66ff3fdb54 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -979,7 +979,6 @@ start:
 (s->session != NULL) && (s->session->cipher != NULL))
 {
 s->s3->handshake_fragment_len = 0;
-
 if ((s->s3->handshake_fragment[1] != 0) ||
 (s->s3->handshake_fragment[2] != 0) ||
 (s->s3->handshake_fragment[3] != 0))
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 789447e115..700d972239 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
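Review bot: In the new `'X'` branch of sv_body (apps/s_server.c), the check `if (SSL_get_state(con) != SSL_ST_OK)` only prints "Bad State"; the next line still forces `con->state = SSL_ST_ACCEPT` and runs a second handshake. The results of `SSL_renegotiate` and of both `SSL_do_handshake` calls are printed or dropped, never acted on. If the first handshake did not reach SSL_ST_OK the state should not be overwritten, e.g. `if (SSL_get_state(con) != SSL_ST_OK) { printf("Bad State\n"); i=0; continue; }`. The branch is not mentioned in the commit description and carries no comment; it looks like a forced-renegotiation test command, and a one-line comment saying what `'X'` is for would settle whether it is meant to ship. sv_body starts and ends outside the hunk.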
@@ -448,7 +448,21 @@ int ssl3_accept(SSL *s)
 case SSL3_ST_SW_FLUSH:
 /* number of bytes to be flushed */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
+ /* This originally and incorrectly called BIO_CTRL_INFO
+ * The reason why this is wrong is mentioned in PR#1949.
+ * Unfortunately, as suggested in that bug some
+ * versions of Apache unconditionally return 0
+ * for BIO_CTRL_WPENDING meaning we don't correctly
+ * flush data and some operations, like renegotiation,
+ * don't work. Other software may also be affected so
+ * call BIO_CTRL_INFO to retain compatibility with
+ * previous behaviour and BIO_CTRL_WPENDING if we
+ * get zero to address the PR#1949 case.
+ */
+
+ num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+ if (num1 == 0)
+ num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
 if (num1 > 0)
 {
 s->rwstate=SSL_WRITING;
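Review bot: The fallback test `if (num1 == 0)` in the SSL3_ST_SW_FLUSH case skips BIO_CTRL_WPENDING whenever BIO_CTRL_INFO returns a negative value, and the following `if (num1 > 0)` then treats that result as nothing to flush. BIO_ctrl may return a negative value (for example when the BIO has no ctrl method or does not support the request), so a write BIO of that kind would hit the same missed-flush case the new comment describes. Using `if (num1 <= 0)` covers both results, and the comment could say that a negative result also triggers the fallback. ssl3_accept starts and ends outside the hunk.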