The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING
authorDr. Stephen Henson <steve@openssl.org>
Sun, 24 Jan 2010 13:50:57 +0000 (13:50 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 24 Jan 2010 13:50:57 +0000 (13:50 +0000)
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.

apps/s_server.c
ssl/s3_pkt.c
ssl/s3_srvr.c

index 88b308ca388f397221c0302f9336479f4e938029..f44bf5e8409fa81cbaca1d9d93af76aab14d7909 100644 (file)
@@ -1836,6 +1836,20 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                                        continue;
                                        /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
                                        }
+                               if ((buf[0] == 'X') &&
+                                       ((buf[1] == '\n') || (buf[1] == '\r')))
+                                       {
+                                       SSL_renegotiate(con);
+                                       i=SSL_do_handshake(con);
+                                       printf("SSL_do_handshake1 -> %d\n",i);
+                                       if (SSL_get_state(con) != SSL_ST_OK)
+                                               printf("Bad State\n");
+                                       con->state = SSL_ST_ACCEPT;
+                                       i=SSL_do_handshake(con);
+                                       printf("SSL_do_handshake2 -> %d\n",i);
+                                       i=0; /*13; */
+                                       continue;
+                                       }
                                if ((buf[0] == 'R') &&
                                        ((buf[1] == '\n') || (buf[1] == '\r')))
                                        {
index a2ba5748d5eb4f6b4aca75fb115eb97c75449f50..66ff3fdb54023ed2b7971c00490f1776238a622f 100644 (file)
@@ -979,7 +979,6 @@ start:
                (s->session != NULL) && (s->session->cipher != NULL))
                {
                s->s3->handshake_fragment_len = 0;
-
                if ((s->s3->handshake_fragment[1] != 0) ||
                        (s->s3->handshake_fragment[2] != 0) ||
                        (s->s3->handshake_fragment[3] != 0))
index 789447e11595c72702a07e9d1338cfe44c8ba767..700d97223951a1c5059acc605bd1713bfe069417 100644 (file)
@@ -448,7 +448,21 @@ int ssl3_accept(SSL *s)
                
                case SSL3_ST_SW_FLUSH:
                        /* number of bytes to be flushed */
-                       num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
+                       /* This originally and incorrectly called BIO_CTRL_INFO
+                        * The reason why this is wrong is mentioned in PR#1949.
+                        * Unfortunately, as suggested in that bug some
+                        * versions of Apache unconditionally return 0
+                        * for BIO_CTRL_WPENDING meaning we don't correctly
+                        * flush data and some operations, like renegotiation,
+                        * don't work. Other software may also be affected so
+                        * call BIO_CTRL_INFO to retain compatibility with
+                        * previous behaviour and BIO_CTRL_WPENDING if we
+                        * get zero to address the PR#1949 case.
+                        */
+
+                       num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+                       if (num1 == 0)
+                               num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
                        if (num1 > 0)
                                {
                                s->rwstate=SSL_WRITING;
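Review bot: The fallback on `if (num1 == 0)` fires only when BIO_CTRL_INFO returns exactly zero, so a write BIO whose method reports an unsupported or failed ctrl with a negative value never gets the BIO_CTRL_WPENDING query and then drops through `if (num1 > 0)` as though there were nothing to flush. If such returns are possible for the BIOs in use, `if (num1 <= 0)` would cover that case while keeping the PR#1949 compatibility path the comment describes. The empty `+` line between the comment block and the first `BIO_ctrl` call could also be dropped so the explanation sits directly on the code it refers to. ssl3_accept's switch continues outside the hunk.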