The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING

ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should both address the original bug and retain compatibility with the old behaviour.
2010-01-24 13:50:57 +00:00
parent 6899d9bbf6
commit 5598b99fb3
3 changed files with 29 additions and 2 deletions
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1836,6 +1836,20 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 					continue;
 					/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
 					}
+				if ((buf[0] == 'X') &&
+					((buf[1] == '\n') || (buf[1] == '\r')))
+					{
+					SSL_renegotiate(con);
+					i=SSL_do_handshake(con);
+					printf("SSL_do_handshake1 -> %d\n",i);
+					if (SSL_get_state(con) != SSL_ST_OK)
+						printf("Bad State\n");
+					con->state = SSL_ST_ACCEPT;
+					i=SSL_do_handshake(con);
+					printf("SSL_do_handshake2 -> %d\n",i);
+					i=0; /*13; */
+					continue;
+					}
 				if ((buf[0] == 'R') &&
 					((buf[1] == '\n') || (buf[1] == '\r')))
 					{
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -979,7 +979,6 @@ start:
 		(s->session != NULL) && (s->session->cipher != NULL))
 		{
 		s->s3->handshake_fragment_len = 0;
-
 		if ((s->s3->handshake_fragment[1] != 0) ||
 			(s->s3->handshake_fragment[2] != 0) ||
 			(s->s3->handshake_fragment[3] != 0))
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -448,7 +448,21 @@ int ssl3_accept(SSL *s)
 		
 		case SSL3_ST_SW_FLUSH:
 			/* number of bytes to be flushed */
-			num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
+			/* This originally and incorrectly called BIO_CTRL_INFO
+			 * The reason why this is wrong is mentioned in PR#1949.
+			 * Unfortunately, as suggested in that bug some
+			 * versions of Apache unconditionally return 0
+			 * for BIO_CTRL_WPENDING meaning we don't correctly
+			 * flush data and some operations, like renegotiation,
+			 * don't work. Other software may also be affected so
+			 * call BIO_CTRL_INFO to retain compatibility with
+			 * previous behaviour and BIO_CTRL_WPENDING if we
+			 * get zero to address the PR#1949 case.
+			 */
+
+			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+			if (num1 == 0)
+				num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
 			if (num1 > 0)
 				{
 				s->rwstate=SSL_WRITING;