authorSteven Fackler <[email protected]>2016-07-01 18:31:47 -0400
committerSteven Fackler <[email protected]>2016-07-01 18:31:47 -0400
commit121169c1f57bf0b1130b400d9ed6431855fb2e73 (patch)
treed9e7e34dbf92171ce7e1da484941ba52521596f0
parentTest on 1.8 (diff)
downloadrust-openssl-121169c1f57bf0b1130b400d9ed6431855fb2e73.tar.xz
rust-openssl-121169c1f57bf0b1130b400d9ed6431855fb2e73.zip
Set auto retry
SSL_read returns a WANT_READ after a renegotiation by default which ends up bubbling up as a weird BUG error. Tell OpenSSL to just do the read again.
-rw-r--r--openssl-sys-extras/src/lib.rs2
-rw-r--r--openssl-sys-extras/src/openssl_shim.c4
-rw-r--r--openssl-sys/src/lib.rs4
-rw-r--r--openssl/src/ssl/mod.rs9
4 files changed, 17 insertions, 2 deletions
diff --git a/openssl-sys-extras/src/lib.rs b/openssl-sys-extras/src/lib.rs
index 8b13ade9..c71ad073 100644
--- a/openssl-sys-extras/src/lib.rs
+++ b/openssl-sys-extras/src/lib.rs
@@ -60,6 +60,8 @@ extern {
pub fn SSL_CTX_set_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
pub fn SSL_CTX_get_options_shim(ctx: *mut SSL_CTX) -> c_long;
pub fn SSL_CTX_clear_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
+ #[link_name = "SSL_CTX_set_mode_shim"]
+ pub fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, options: c_long) -> c_long;
#[link_name = "SSL_CTX_add_extra_chain_cert_shim"]
pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long;
#[link_name = "SSL_CTX_set_read_ahead_shim"]
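Review bot: The second parameter of the new `SSL_CTX_set_mode` declaration is named `options`, which looks carried over from the `SSL_CTX_set_options_shim` lines above it. The value is a mode bitmask, so `mode: c_long` would read correctly and match the `set_mode(&self, mode: c_long)` wrapper this commit adds in openssl/src/ssl/mod.rs. The same name is used in `long SSL_CTX_set_mode_shim(SSL_CTX *ctx, long options)` in openssl_shim.c. The `extern` block starts and ends outside the hunk.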
diff --git a/openssl-sys-extras/src/openssl_shim.c b/openssl-sys-extras/src/openssl_shim.c
index 11df1ca6..db2a8786 100644
--- a/openssl-sys-extras/src/openssl_shim.c
+++ b/openssl-sys-extras/src/openssl_shim.c
@@ -93,6 +93,10 @@ long SSL_CTX_clear_options_shim(SSL_CTX *ctx, long options) {
return SSL_CTX_clear_options(ctx, options);
}
+long SSL_CTX_set_mode_shim(SSL_CTX *ctx, long options) {
+ return SSL_CTX_set_mode(ctx, options);
+}
+
long SSL_CTX_add_extra_chain_cert_shim(SSL_CTX *ctx, X509 *x509) {
return SSL_CTX_add_extra_chain_cert(ctx, x509);
}
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index e6a7c488..bdcf71d4 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -270,8 +270,10 @@ pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53;
pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54;
pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55;
pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14;
-
pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41;
+
+pub const SSL_MODE_AUTO_RETRY: c_long = 4;
+
pub const SSL_ERROR_NONE: c_int = 0;
pub const SSL_ERROR_SSL: c_int = 1;
pub const SSL_ERROR_SYSCALL: c_int = 5;
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index f207416f..d0954bc7 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -566,6 +566,9 @@ impl SslContext {
let ctx = SslContext { ctx: ctx };
+ // this is a bit dubious (?)
+ try!(ctx.set_mode(ffi::SSL_MODE_AUTO_RETRY));
+
if method.is_dtls() {
ctx.set_read_ahead(1);
}
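Review bot: The comment `// this is a bit dubious (?)` records a doubt but not the reason the mode is set, so a later reader cannot tell whether removing the call is safe. I would replace it with the rationale from the commit message, e.g. `// SSL_read can return WANT_READ after a renegotiation; auto-retry makes OpenSSL repeat the read instead of surfacing that to the caller.` The mode is now set on every context, and no way to clear it is visible in this diff. OpenSSL's documentation notes that with auto-retry on a blocking socket a read can block even after select()/poll() reported data, so that caveat belongs in the constructor's docs. The constructor body starts and ends outside the hunk.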
@@ -648,8 +651,12 @@ impl SslContext {
}
}
+ fn set_mode(&self, mode: c_long) -> Result<(), SslError> {
+ wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_mode(self.ctx, mode) as c_int })
+ }
+
pub fn set_tmp_dh(&self, dh: DH) -> Result<(), SslError> {
- wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 })
+ wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as c_int })
}
/// Use the default locations of trusted certificates for verification.
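Review bot: `set_mode` passes the return value of `SSL_CTX_set_mode` to `wrap_ssl_result`, but OpenSSL documents that return as the updated mode bitmask, not a status code. If `wrap_ssl_result` maps a zero or negative value to an error (its body is not in this hunk), the `Err` branch cannot be reached once a bit has been set, and the `as c_int` cast narrows a `c_long` mask for no benefit. I would either return the mask, `fn set_mode(&self, mode: c_long) -> c_long { unsafe { ffi_extras::SSL_CTX_set_mode(self.ctx, mode) } }`, or discard it and remove the `try!` at the call site, so the signature does not advertise a failure that cannot occur. The `impl SslContext` block continues outside the hunk.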