Re: piping to s_client

1999-04-08 Thread Bodo Moeller

[EMAIL PROTECTED] (Bodo Moeller):
Mikko Hirvonen [EMAIL PROTECTED]:

>> I have problems with pipes. I try to use s_client as fetchmail
>> plugin, but something goes wrong. Transmission over ssl-tunnel will
>> stop.

> I think s_client.c is buggy in that it does a select() loop where in
> fact the first thing it should do in each iteration is check
> SSL_pending(con).  The result is that under certain circumstances when
> no new data arrives over the network, s_client sleeps on select()
> while SSL_read has quite a bit of internally buffered data that would
> be ready for processing.  Fixing s_client is left as an exercise :-)

It seems that no-one took the challenge, so here's my patch (relative
to the current code, but the patch should work for 0.9.2b as well):

Index: apps/s_client.c
===
RCS file: /e/openssl/cvs/openssl/apps/s_client.c,v
retrieving revision 1.5
diff -u -r1.5 s_client.c
--- apps/s_client.c 1999/03/31 12:06:04 1.5
+++ apps/s_client.c 1999/04/08 20:20:02
@@ -154,7 +154,7 @@
char *cert_file=NULL,*key_file=NULL;
char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
-   int write_tty,read_tty,write_ssl,read_ssl,tty_on;
+   int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
SSL_METHOD *meth=NULL;
@@ -439,31 +439,36 @@
}
}
 
+   ssl_pending = read_ssl  SSL_pending(con);
+
+   if (!ssl_pending)
 #ifndef WINDOWS
-   if (tty_on)
{
-   if (read_tty)  FD_SET(fileno(stdin),readfds);
-   if (write_tty) FD_SET(fileno(stdout),writefds);
-   }
+   if (tty_on)
+   {
+   if (read_tty)  FD_SET(fileno(stdin),readfds);
+   if (write_tty) FD_SET(fileno(stdout),writefds);
+   }
 #endif
-   if (read_ssl)
-   FD_SET(SSL_get_fd(con),readfds);
-   if (write_ssl)
-   FD_SET(SSL_get_fd(con),writefds);
+   if (read_ssl)
+   FD_SET(SSL_get_fd(con),readfds);
+   if (write_ssl)
+   FD_SET(SSL_get_fd(con),writefds);
 
-/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
-   tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
+   tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
 
-   i=select(width,readfds,writefds,NULL,NULL);
-   if ( i  0)
-   {
-   BIO_printf(bio_err,"bad select %d\n",
+   i=select(width,readfds,writefds,NULL,NULL);
+   if ( i  0)
+   {
+   BIO_printf(bio_err,"bad select %d\n",
get_last_socket_error());
-   goto shut;
-   /* goto end; */
+   goto shut;
+   /* goto end; */
+   }
}
 
-   if (FD_ISSET(SSL_get_fd(con),writefds))
+   if (!ssl_pending  FD_ISSET(SSL_get_fd(con),writefds))
{
k=SSL_write(con,(cbuf[cbuf_off]),
(unsigned int)cbuf_len);
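Review bot: the opening brace of the new if (!ssl_pending) block is the unchanged "{" line that sits after #ifndef WINDOWS, while its closing brace after the select() error check lies outside the #endif, so a build with WINDOWS defined drops the opening brace and is left with unbalanced braces. Put the "{" directly under if (!ssl_pending), above the #ifndef WINDOWS line.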
@@ -531,7 +536,7 @@
}
}
 #ifndef WINDOWS
-   else if (FD_ISSET(fileno(stdout),writefds))
+   else if (!ssl_pending  FD_ISSET(fileno(stdout),writefds))
{
i=write(fileno(stdout),(sbuf[sbuf_off]),sbuf_len);
 
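Review bot: the !ssl_pending test added in front of FD_ISSET(fileno(stdout),writefds) is needed only because select() is skipped when data is pending, so writefds does not describe this iteration, and nothing at this line says so. A short comment here, or on the ssl_pending assignment, stating that the fd sets are not valid when select() was not called would keep a later cleanup from removing the guard.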
@@ -551,7 +556,7 @@
}
}
 #endif
-   else if (FD_ISSET(SSL_get_fd(con),readfds))
+   else if (ssl_pending || FD_ISSET(SSL_get_fd(con),readfds))
{
 #ifdef RENEG
 { static int ; if (++ == 52) { SSL_renegotiate(con); =0; } }
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
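The stall discussed in this message, as an added example that is not part of the original post or of OpenSSL: a toy buffered reader over a pipe shows that select() reports nothing readable while the reader still holds undelivered bytes. The conn type, its functions and the sample record are hypothetical stand-ins for an SSL connection, SSL_read() and SSL_pending(); a zero-timeout select() replaces the blocking call so the program terminates.

```c
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <unistd.h>

/* Toy stand-in for an SSL connection (hypothetical type, not OpenSSL's API):
   one read() on the fd pulls in a whole record, callers get it piecewise. */
struct conn { int fd; char rec[256]; size_t len, off; };
static const char SAMPLE[] = "constructed sample record: 48 bytes of payload..";

static size_t conn_pending(const struct conn *c) { return c->len - c->off; }

static ssize_t conn_read(struct conn *c, char *out, size_t n) {
    if (conn_pending(c) == 0) {          /* buffer empty: go to the fd */
        ssize_t r = read(c->fd, c->rec, sizeof c->rec);
        if (r <= 0) return r;
        c->len = (size_t)r; c->off = 0;
    }
    if (n > conn_pending(c)) n = conn_pending(c);
    memcpy(out, c->rec + c->off, n);
    c->off += n;
    return (ssize_t)n;
}

/* Zero-timeout select(): is the descriptor itself readable right now? */
static int fd_readable(int fd) {
    fd_set r; struct timeval tv = {0, 0};
    FD_ZERO(&r); FD_SET(fd, &r);
    return select(fd + 1, &r, NULL, NULL, &tv) > 0;
}

/* check_pending=0: old loop, trusts select() alone. check_pending=1: looks at
   the internal buffer first, as the patch does. Returns bytes delivered before
   the loop would have gone to sleep in a blocking select(). */
size_t drain(int check_pending) {
    int p[2]; struct conn c = {0}; char out[16]; size_t total = 0;
    if (pipe(p) != 0) return 0;
    c.fd = p[0];
    if (write(p[1], SAMPLE, sizeof SAMPLE - 1) < 0) return 0;
    while ((check_pending && conn_pending(&c)) || fd_readable(c.fd)) {
        ssize_t n = conn_read(&c, out, sizeof out);
        if (n <= 0) break;
        total += (size_t)n;
    }
    close(p[0]); close(p[1]);
    return total;
}

int main(void) {
    printf("select only: %zu, pending first: %zu\n", drain(0), drain(1));
}
```

With select() alone the loop delivers the first 16-byte chunk and then sees an empty pipe; checking the internal buffer first delivers the whole record.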



Re: piping to s_client

1999-04-03 Thread Bodo Moeller

Mikko Hirvonen [EMAIL PROTECTED]:

> I have problems with pipes. I try to use s_client as fetchmail plugin, but
> something goes wrong. Transmission over ssl-tunnel will stop.

I think s_client.c is buggy in that it does a select() loop where in
fact the first thing it should do in each iteration is check
SSL_pending(con).  The result is that under certain circumstances when
no new data arrives over the network, s_client sleeps on select()
while SSL_read has quite a bit of internally buffered data that would
be ready for processing.  Fixing s_client is left as an exercise :-)



piping to s_client

1999-03-31 Thread Mikko Hirvonen


I have problems with pipes. I try to use s_client as fetchmail plugin, but
something goes wrong. Transmission over ssl-tunnel will stop.

Imap server is wu-imapd tunneled with stunnel, but I can see the problem
with s_server too.

Programs are tested with sparc-solaris and x86-linux with and without asm
and optimizations. 

I hope this demonstrates the problem:

demo_client: run
openssl s_client -connect localhost: and
sleep 10 ; openssl s_client -connect localhost:

demo_server:
#! /usr/local/bin/perl

#$ssl = "/usr/local/ssl/bin/ssleay";
$ssl = "/usr/local/ssl/bin/openssl";

$port = ;

# create the test key and certificate if any of the three files is missing
if ( ! -e "key.pem" || ! -e "key_nopass.pem" || ! -e "crt.pem" ) {
    create_dummy_keys ();
}

open (SSL, "|$ssl s_server -key key_nopass.pem -cert crt.pem -accept $port")
|| die "Can't open ssl";

# if client is ready to receive, everything is ok.
sleep 10;

$count = 1000;
while ($count) 
 {
   print SSL "Testing ssl, count = ", $count, "\n";
   $count --;
 }
close (SSL);
exit 0;

sub create_dummy_keys ()
{
system ("$ssl genrsa -des 1024 > key.pem");
system ("$ssl rsa -in key.pem -out key_nopass.pem");
system ("$ssl req -new -x509 -key key.pem -out crt.pem");
}

-- 

Mikko Hirvonen  [EMAIL PROTECTED] 