The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should both address the original bug and retain compatibility with the old behaviour.
This commit is contained in:
Dr. Stephen Henson
@@ -1836,6 +1836,20 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
|||||||
continue;
|
continue;
|
||||||
/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
|
/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
|
||||||
}
|
}
|
||||||
|
if ((buf[0] == 'X') &&
|
||||||
|
((buf[1] == '\n') || (buf[1] == '\r')))
|
||||||
|
{
|
||||||
|
SSL_renegotiate(con);
|
||||||
|
i=SSL_do_handshake(con);
|
||||||
|
printf("SSL_do_handshake1 -> %d\n",i);
|
||||||
|
if (SSL_get_state(con) != SSL_ST_OK)
|
||||||
|
printf("Bad State\n");
|
||||||
|
con->state = SSL_ST_ACCEPT;
|
||||||
|
i=SSL_do_handshake(con);
|
||||||
|
printf("SSL_do_handshake2 -> %d\n",i);
|
||||||
|
i=0; /*13; */
|
||||||
|
continue;
|
||||||
|
}
|
||||||
if ((buf[0] == 'R') &&
|
if ((buf[0] == 'R') &&
|
||||||
((buf[1] == '\n') || (buf[1] == '\r')))
|
((buf[1] == '\n') || (buf[1] == '\r')))
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -979,7 +979,6 @@ start:
|
|||||||
(s->session != NULL) && (s->session->cipher != NULL))
|
(s->session != NULL) && (s->session->cipher != NULL))
|
||||||
{
|
{
|
||||||
s->s3->handshake_fragment_len = 0;
|
s->s3->handshake_fragment_len = 0;
|
||||||
|
|
||||||
if ((s->s3->handshake_fragment[1] != 0) ||
|
if ((s->s3->handshake_fragment[1] != 0) ||
|
||||||
(s->s3->handshake_fragment[2] != 0) ||
|
(s->s3->handshake_fragment[2] != 0) ||
|
||||||
(s->s3->handshake_fragment[3] != 0))
|
(s->s3->handshake_fragment[3] != 0))
|
||||||
|
|||||||
@@ -448,6 +448,20 @@ int ssl3_accept(SSL *s)
|
|||||||
|
|
||||||
case SSL3_ST_SW_FLUSH:
|
case SSL3_ST_SW_FLUSH:
|
||||||
/* number of bytes to be flushed */
|
/* number of bytes to be flushed */
|
||||||
|
/* This originally and incorrectly called BIO_CTRL_INFO
|
||||||
|
* The reason why this is wrong is mentioned in PR#1949.
|
||||||
|
* Unfortunately, as suggested in that bug some
|
||||||
|
* versions of Apache unconditionally return 0
|
||||||
|
* for BIO_CTRL_WPENDING meaning we don't correctly
|
||||||
|
* flush data and some operations, like renegotiation,
|
||||||
|
* don't work. Other software may also be affected so
|
||||||
|
* call BIO_CTRL_INFO to retain compatibility with
|
||||||
|
* previous behaviour and BIO_CTRL_WPENDING if we
|
||||||
|
* get zero to address the PR#1949 case.
|
||||||
|
*/
|
||||||
|
|
||||||
|
num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
|
||||||
|
if (num1 == 0)
|
||||||
num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
|
num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
|
||||||
if (num1 > 0)
|
if (num1 > 0)
|
||||||
{
|
{
|
||||||
|
|||||||
Reference in New Issue
Block a user