From: Bodo Möller Date: Tue, 12 Sep 2000 20:28:30 +0000 (+0000) Subject: New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default X-Git-Tag: OpenSSL-engine-0_9_6-beta2~11^2~13 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=54f10e6adce56eb2e59936e32216162aadc5d050;p=oweals%2Fopenssl.git New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ. --- diff --git a/CHANGES b/CHANGES index 7bb375d117..2231003dcd 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,15 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default + behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if + the underlying transport is blocking) if a handshake took place. + (The default behaviour is needed by applications such as s_client + and s_server that use select() to determine when to use SSL_read; + but for applications that know in advance when to expect data, it + just makes things more complicated.) + [Bodo Moeller] + *) Add RAND_egd_bytes(), which gives control over the number of bytes read from EGD. [Ben Laurie] diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index e3d02e6007..1414079853 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -899,19 +899,21 @@ start: return(-1); } - if (s->s3->rbuf.left == 0) /* no read-ahead left? */ + if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - BIO *bio; - /* In the case where we try to read application data - * the first time, but we trigger an SSL handshake, we - * return -1 with the retry option set. I do this - * otherwise renegotiation can cause nasty problems - * in the blocking world */ /* ? */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); + if (s->s3->rbuf.left == 0) /* no read-ahead left? */ + { + BIO *bio; + /* In the case where we try to read application data, + * but we trigger an SSL handshake, we return -1 with + * the retry option set. Otherwise renegotiation may + * cause nasty problems in the blocking world */ + s->rwstate=SSL_READING; + bio=SSL_get_rbio(s); + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + return(-1); + } } } } @@ -1022,19 +1024,21 @@ start: return(-1); } - if (s->s3->rbuf.left == 0) /* no read-ahead left? */ + if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - BIO *bio; - /* In the case where we try to read application data - * the first time, but we trigger an SSL handshake, we - * return -1 with the retry option set. I do this - * otherwise renegotiation can cause nasty problems - * in the blocking world */ /* ? */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); + if (s->s3->rbuf.left == 0) /* no read-ahead left? */ + { + BIO *bio; + /* In the case where we try to read application data, + * but we trigger an SSL handshake, we return -1 with + * the retry option set. Otherwise renegotiation may + * cause nasty problems in the blocking world */ + s->rwstate=SSL_READING; + bio=SSL_get_rbio(s); + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + return(-1); + } } goto start; } diff --git a/ssl/ssl.h b/ssl/ssl.h index f418b9921b..6ffeca4d31 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -335,6 +335,9 @@ typedef struct ssl_session_st * the misconception that non-blocking SSL_write() behaves like * non-blocking write(): */ #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L +/* Never bother the application with retries if the transport + * is blocking: */ +#define SSL_MODE_AUTO_RETRY 0x00000004L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, * they cannot be used to clear bits. */