Author: jfclere Date: Fri Sep 18 16:15:33 2009 New Revision: 816698 URL: http://svn.apache.org/viewvc?rev=816698&view=rev Log: While testing with FF and a bunch of client certificates the SSL_do_handshake() failed and need to be retrying until the certificate is choosen in the browser.
Modified: tomcat/native/trunk/native/src/sslnetwork.c Modified: tomcat/native/trunk/native/src/sslnetwork.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslnetwork.c?rev=816698&r1=816697&r2=816698&view=diff ============================================================================== --- tomcat/native/trunk/native/src/sslnetwork.c (original) +++ tomcat/native/trunk/native/src/sslnetwork.c Fri Sep 18 16:15:33 2009 @@ -563,6 +563,7 @@ tcn_socket_t *s = J2P(sock, tcn_socket_t *); tcn_ssl_conn_t *con; int retVal; + int ecode = SSL_ERROR_WANT_READ; UNREFERENCED_STDARGS; TCN_ASSERT(sock != 0); @@ -582,11 +583,30 @@ if (retVal <= 0) return APR_EGENERAL; + if (SSL_get_state(con->ssl) != SSL_ST_OK) { + return APR_EGENERAL; + } con->ssl->state = SSL_ST_ACCEPT; - retVal = SSL_do_handshake(con->ssl); - if (retVal <= 0) + ecode = SSL_ERROR_WANT_READ; + while (ecode == SSL_ERROR_WANT_READ) { + retVal = SSL_do_handshake(con->ssl); + if (retVal <= 0) { + ecode = SSL_get_error(con->ssl, retVal); + if (ecode == SSL_ERROR_WANT_READ) { + if (wait_for_io_or_timeout(con, ecode) != APR_SUCCESS) + return APR_EGENERAL; /* Can't wait */ + continue; /* It should be ok now */ + } + else + return APR_EGENERAL; + } else + break; + } + + if (SSL_get_state(con->ssl) != SSL_ST_OK) { return APR_EGENERAL; + } return APR_SUCCESS; } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org