bcollet/socat
1
0
Fork 0
mirror of https://repo.or.cz/socat.git synced 2024-12-22 15:32:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

OpenSSL: clear SSL_MODE_AUTO_RETRY

Browse source
This commit is contained in:
Gerhard Rieger 2019-03-12 21:09:18 +01:00
parent 7a621dd3a2
commit bc3723e970
2 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGES
View file

@ -77,6 +77,9 @@ Porting:
RES_AAONLY, RES_PRIMARY are deprecated. You can still enable them with RES_AAONLY, RES_PRIMARY are deprecated. You can still enable them with
configure option --enable-res-deprecated. configure option --enable-res-deprecated.
New versions of OpenSSL preset SSL_MODE_AUTO_RETRY which may hang socat.
Solution: clear SSL_MODE_AUTO_RETRY when it is set.
Testing: Testing:
test.sh: Show a warning when phase-1 (insecure phase) of a security test.sh: Show a warning when phase-1 (insecure phase) of a security
test fails test fails

12
xio-openssl.c
View file

@ -1023,6 +1023,18 @@ cont_out:
} }
#endif #endif
/* It seems that OpenSSL-1.1.1 presets the mode differently.
Without correction socat might hang in SSL_read() */
{
long mode = 0;
mode = SSL_CTX_get_mode(*ctx);
if (mode & SSL_MODE_AUTO_RETRY) {
Info("SSL_CTX mode has SSL_MODE_AUTO_RETRY set. Correcting..");
Debug1("SSL_CTX_clean_mode(%p, SSL_MODE_AUTO_RETRY)", *ctx);
SSL_CTX_clear_mode(*ctx, SSL_MODE_AUTO_RETRY);
}
}
if (opt_cafile != NULL || opt_capath != NULL) { if (opt_cafile != NULL || opt_capath != NULL) {
if (sycSSL_CTX_load_verify_locations(*ctx, opt_cafile, opt_capath) != 1) { if (sycSSL_CTX_load_verify_locations(*ctx, opt_cafile, opt_capath) != 1) {
int result; int result;