This is an automated email from the ASF dual-hosted git repository.
cliffjansen pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git
The following commit(s) were added to refs/heads/main by this push:
new c9d8caa07 PROTON-2643: C ssl driver - avoid hang in handshake in older
versions of OpenSSL
c9d8caa07 is described below
commit c9d8caa07a229f3d255159316fa55441ff638752
Author: Clifford Jansen <[email protected]>
AuthorDate: Thu Nov 24 10:31:55 2022 -0800
PROTON-2643: C ssl driver - avoid hang in handshake in older versions of
OpenSSL
---
c/src/ssl/openssl.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/c/src/ssl/openssl.c b/c/src/ssl/openssl.c
index 145f60e0b..caa7ea011 100644
--- a/c/src/ssl/openssl.c
+++ b/c/src/ssl/openssl.c
@@ -114,6 +114,7 @@ struct pni_ssl_t {
bool ssl_closed; // shutdown complete, or SSL error
bool read_blocked; // SSL blocked until more network data is read
bool write_blocked; // SSL blocked until data is written to network
+ bool handshake_ok;
int err_reason;
char *subject;
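Review bot: The new `handshake_ok` field has no trailing comment, unlike the three flags above it, and its name reads like a statement about the session's trust state. In the hunks shown it is only ever assigned from the return of `SSL_do_handshake()` in `process_output_ssl`, so it records that the workaround call returned 1, not that the peer was verified. I would write it as `bool handshake_ok;  // SSL_do_handshake() returned 1; PROTON-2643 workaround state only, not a peer-verification result` so that nobody later gates certificate or hostname checks on it. Where the field is initialised is outside this diff and should be confirmed.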
@@ -1275,6 +1276,10 @@ static ssize_t process_output_ssl( pn_transport_t
*transport, unsigned int layer
ssl->write_blocked = false;
work_pending = work_pending || max_len > 0;
ssl_log(transport, PN_LEVEL_TRACE, "Read %d bytes from BIO Layer",
available );
+ } else if ( !ssl->handshake_ok && !ssl->ssl_closed ) {
+ // OpenSSL bug workaround 1.0.x -> unknown. Harmless in all versions.
+ // See PROTON-2643. SSL_do_handshake() prevents forgetting to refill
the BIO.
+ ssl->handshake_ok = (SSL_do_handshake(ssl->ssl) == 1);
}
}
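Review bot: The result of `SSL_do_handshake()` in the new `else if` branch is reduced to a boolean, so a fatal handshake failure looks the same as the ordinary "needs more I/O" case. Nothing in this branch calls `SSL_get_error()`, so the call will be repeated on each later pass until some other path closes the session. OpenSSL also documents that the thread's error queue should be empty before an SSL I/O call for `SSL_get_error()` to be reliable, so entries left by a failed handshake here could skew the classification of a later read or write. I would keep the return code, treat only `SSL_ERROR_WANT_READ` and `SSL_ERROR_WANT_WRITE` as "retry later", and send anything else to whatever failure handling this function already uses. That handling and the rest of `process_output_ssl` lie outside the hunk.

```c
      } else if ( !ssl->handshake_ok && !ssl->ssl_closed ) {
        // ... unchanged: PROTON-2643 workaround comment ...
        int rc = SSL_do_handshake(ssl->ssl);
        if (rc == 1) {
          ssl->handshake_ok = true;
        } else {
          int reason = SSL_get_error(ssl->ssl, rc);
          if (reason != SSL_ERROR_WANT_READ && reason != SSL_ERROR_WANT_WRITE) {
            // Fatal handshake error: route to the function's existing SSL
            // failure path here instead of retrying on the next pass.
          }
        }
```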