SSL (patch 1)
Bear Giles
bear at coyotesong.com
Sun May 26 16:38:46 UTC 2002
Following are a series of patches to the SSL code. It's a number of
small patches, instead of one large patch, because most projects have
an easier time handling the small patches. It also makes it easier
for someone more familiar with the architecture of the code to catch
an oversight.
The first patch adds calls to SSL_get_error() after SSL_read() and
SSL_write(). It is necessary because the standard 'errno' variable
can't encode SSL-specific problems.
Bear Giles
Index: inn/nnrpd/article.c
diff -c inn/nnrpd/article.c:1.1.1.1 inn/nnrpd/article.c:1.2
*** inn/nnrpd/article.c:1.1.1.1 Sun May 26 09:49:31 2002
--- inn/nnrpd/article.c Sun May 26 10:25:59 2002
***************
*** 1,4 ****
! /* $Id: article.c,v 1.1.1.1 2002/05/26 15:49:31 bear Exp $
**
** Article-related routines.
*/
--- 1,4 ----
! /* $Id: article.c,v 1.2 2002/05/26 16:25:59 bear Exp $
**
** Article-related routines.
*/
***************
*** 15,20 ****
--- 15,21 ----
#include "tls.h"
#ifdef HAVE_SSL
+ #include <openssl/e_os.h>
extern SSL *tls_conn;
#endif
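Review bot: `<openssl/e_os.h>` on the added include line is OpenSSL's private build-tree header rather than part of the installed `openssl/` API (only `e_os2.h` is installed, as far as I know), so this include, and the identical ones added in misc.c and nnrpd.c, is unlikely to resolve against a system OpenSSL. It is pulled in for `get_last_socket_error()`, which on non-Windows builds is, as far as I recall, simply a macro for `errno`, so the `errno = get_last_socket_error();` assignments in the later hunks are no-ops there. A local fallback would remove the dependency on the private header: `#ifndef get_last_socket_error` / `#define get_last_socket_error() errno` / `#endif`.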
***************
*** 59,67 ****
static bool PushIOvHelper(struct iovec* vec, int* countp) {
int result;
#ifdef HAVE_SSL
! result = tls_conn
! ? SSL_writev(tls_conn, vec, *countp)
! : writev(STDOUT_FILENO, vec, *countp);
#else
result = writev(STDOUT_FILENO, vec, *countp);
#endif
--- 60,89 ----
static bool PushIOvHelper(struct iovec* vec, int* countp) {
int result;
#ifdef HAVE_SSL
! if (tls_conn) {
! Again:
! result = SSL_writev(tls_conn, vec, *countp);
! switch (SSL_get_error(tls_conn, result)) {
! case SSL_ERROR_NONE:
! break;
! case SSL_ERROR_WANT_WRITE:
! goto Again;
! break;
! case SSL_ERROR_SYSCALL:
! errno = get_last_socket_error();
! break;
! case SSL_ERROR_SSL:
! SSL_shutdown(tls_conn);
! tls_conn = NULL;
! errno = ECONNRESET;
! break;
! case SSL_ERROR_ZERO_RETURN:
! break;
! }
! }
! else {
! result = writev(STDOUT_FILENO, vec, *countp);
! }
#else
result = writev(STDOUT_FILENO, vec, *countp);
#endif
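Review bot: In the `SSL_ERROR_SSL` arm, `tls_conn = NULL;` makes every later call take the `writev(STDOUT_FILENO, ...)` branch, so unless the caller tears the session down on the failed result, the rest of the reply leaves in plaintext on the socket the client negotiated TLS for; the same arm appears in PushIOb below and in the misc.c and nnrpd.c hunks. The OpenSSL documentation also states that `SSL_shutdown()` must not be called once `SSL_get_error()` has reported `SSL_ERROR_SYSCALL` or `SSL_ERROR_SSL`, and dropping the pointer without `SSL_free()` leaks the object unless tls.c keeps another reference. I would have this arm set a fatal-connection flag that the plaintext path refuses to write past, rather than nulling `tls_conn`, and free the SSL object at session close. Two smaller points: the `switch` has no `default:`, so `SSL_ERROR_WANT_READ` (possible on a write during renegotiation) and `SSL_ERROR_WANT_X509_LOOKUP` fall out with a negative `result` and a stale `errno`, and `goto Again;` busy-retries without waiting for writability, with an unreachable `break;` after it.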
***************
*** 156,165 ****
static int highwater = 0;
static bool PushIOb(void) {
fflush(stdout);
#ifdef HAVE_SSL
if (tls_conn) {
! if (SSL_write(tls_conn, _IO_buffer_, highwater) != highwater) {
highwater = 0;
return FALSE;
}
--- 178,210 ----
static int highwater = 0;
static bool PushIOb(void) {
+ #ifdef HAVE_SSL
+ int r;
+ #endif
+
fflush(stdout);
#ifdef HAVE_SSL
if (tls_conn) {
! Again:
! r = SSL_write(tls_conn, _IO_buffer_, highwater);
! switch (SSL_get_error(tls_conn, r)) {
! case SSL_ERROR_NONE:
! break;
! case SSL_ERROR_WANT_WRITE:
! goto Again;
! break;
! case SSL_ERROR_SYSCALL:
! errno = get_last_socket_error();
! break;
! case SSL_ERROR_SSL:
! SSL_shutdown(tls_conn);
! tls_conn = NULL;
! errno = ECONNRESET;
! break;
! case SSL_ERROR_ZERO_RETURN:
! break;
! }
! if (r != highwater) {
highwater = 0;
return FALSE;
}
Index: inn/nnrpd/misc.c
diff -c inn/nnrpd/misc.c:1.1.1.1 inn/nnrpd/misc.c:1.2
*** inn/nnrpd/misc.c:1.1.1.1 Sun May 26 09:49:31 2002
--- inn/nnrpd/misc.c Sun May 26 10:25:59 2002
***************
*** 1,4 ****
! /* $Id: misc.c,v 1.1.1.1 2002/05/26 15:49:31 bear Exp $
**
** Miscellaneous support routines.
*/
--- 1,4 ----
! /* $Id: misc.c,v 1.2 2002/05/26 16:25:59 bear Exp $
**
** Miscellaneous support routines.
*/
***************
*** 16,21 ****
--- 16,22 ----
#include "sasl_config.h"
#ifdef HAVE_SSL
+ #include <openssl/e_os.h>
extern SSL *tls_conn;
extern int nnrpd_starttls_done;
#endif
***************
*** 271,278 ****
if (i == 0 || !FD_ISSET(STDIN_FILENO, &rmask))
return RTtimeout;
#ifdef HAVE_SSL
! if (tls_conn)
count = SSL_read(tls_conn, buffer, sizeof buffer);
else
count = read(STDIN_FILENO, buffer, sizeof buffer);
#else
--- 272,297 ----
if (i == 0 || !FD_ISSET(STDIN_FILENO, &rmask))
return RTtimeout;
#ifdef HAVE_SSL
! if (tls_conn) {
count = SSL_read(tls_conn, buffer, sizeof buffer);
+ switch (SSL_get_error(tls_conn, count)) {
+ case SSL_ERROR_NONE:
+ break;
+ case SSL_ERROR_WANT_READ:
+ goto Again;
+ break;
+ case SSL_ERROR_SYSCALL:
+ errno = get_last_socket_error();
+ break;
+ case SSL_ERROR_SSL:
+ SSL_shutdown(tls_conn);
+ tls_conn = NULL;
+ errno = ECONNRESET;
+ break;
+ case SSL_ERROR_ZERO_RETURN:
+ break;
+ }
+ }
else
count = read(STDIN_FILENO, buffer, sizeof buffer);
#else
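Review bot: `goto Again;` in the `SSL_ERROR_WANT_READ` arm has no matching `Again:` label in this hunk, unlike the write hunks in article.c and nnrpd.c, so this will not compile unless the enclosing function (which starts above the hunk) already defines one. If a label is placed before the `select()` whose result is tested in the visible `FD_ISSET(STDIN_FILENO, &rmask)` line, the retry at least waits for readability, which is the right shape for `WANT_READ`; placed directly before `SSL_read` it spins. A `default:` arm is also needed so an unlisted error code does not hand a negative `count` onward with a stale `errno`; `SSL_ERROR_ZERO_RETURN` leaving `count` at 0 reads as EOF, which looks intended.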
Index: inn/nnrpd/nnrpd.c
diff -c inn/nnrpd/nnrpd.c:1.1.1.1 inn/nnrpd/nnrpd.c:1.2
*** inn/nnrpd/nnrpd.c:1.1.1.1 Sun May 26 09:49:31 2002
--- inn/nnrpd/nnrpd.c Sun May 26 10:25:59 2002
***************
*** 1,4 ****
! /* $Id: nnrpd.c,v 1.1.1.1 2002/05/26 15:49:31 bear Exp $
**
** NNTP server for readers (NNRP) for InterNetNews.
**
--- 1,4 ----
! /* $Id: nnrpd.c,v 1.2 2002/05/26 16:25:59 bear Exp $
**
** NNTP server for readers (NNRP) for InterNetNews.
**
***************
*** 31,36 ****
--- 31,37 ----
#include "sasl_config.h"
#ifdef HAVE_SSL
+ #include <openssl/e_os.h>
extern SSL *tls_conn;
int nnrpd_starttls_done = 0;
#endif
***************
*** 649,659 ****
char buff[2048];
#ifdef HAVE_SSL
if (tls_conn) {
va_start(args, fmt);
vsprintf(buff,fmt, args);
va_end(args);
! SSL_write(tls_conn, buff, strlen(buff));
} else {
va_start(args, fmt);
vprintf(fmt, args);
--- 650,681 ----
char buff[2048];
#ifdef HAVE_SSL
+ int r;
+
if (tls_conn) {
va_start(args, fmt);
+ /* FIXME: use vsnprintf() - does it exist? */
vsprintf(buff,fmt, args);
va_end(args);
! Again:
! r = SSL_write(tls_conn, buff, strlen(buff));
! switch (SSL_get_error(tls_conn, r)) {
! case SSL_ERROR_NONE:
! break;
! case SSL_ERROR_WANT_WRITE:
! goto Again;
! break;
! case SSL_ERROR_SYSCALL:
! errno = get_last_socket_error();
! break;
! case SSL_ERROR_SSL:
! SSL_shutdown(tls_conn);
! tls_conn = NULL;
! errno = ECONNRESET;
! break;
! case SSL_ERROR_ZERO_RETURN:
! break;
! }
} else {
va_start(args, fmt);
vprintf(fmt, args);
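Review bot: The FIXME added above `vsprintf(buff,fmt, args);` can be resolved rather than deferred: `vsnprintf()` is C99 and has long been available on the platforms INN builds on, so `vsnprintf(buff, sizeof buff, fmt, args);` bounds the write into the 2048-byte stack buffer; the same applies to the two other FIXMEs added in this file. Whether any caller passes client-controlled strings as format arguments is not visible from the hunk, but a bounded formatter removes the question either way. Separately, `r` is computed but never examined after the `switch`, so a write that fails with `SSL_ERROR_SYSCALL` is silently dropped; PushIOb in article.c compares its result against the expected length, and here a failed write could at least be logged. The enclosing function continues outside the hunk.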
***************
*** 670,675 ****
--- 692,698 ----
/* Copy output, but strip trailing CR-LF. Note we're assuming here
that no output line can ever be longer than 2045 characters. */
+ /* FIXME: use vsnprintf() - does it exist? */
vsprintf(buff, fmt, args);
va_end(args);
p = buff + strlen(buff) - 1;
***************
*** 687,698 ****
{
va_list args;
char buff[2048];
if (tls_conn) {
va_start(args, fmt);
vsprintf(buff, fmt, args);
va_end(args);
! SSL_write(tls_conn, buff, strlen(buff));
} else {
va_start(args, fmt);
vprintf(fmt, args);
--- 710,741 ----
{
va_list args;
char buff[2048];
+ int r;
if (tls_conn) {
va_start(args, fmt);
+ /* FIXME: use vsnprintf() - does it exist? */
vsprintf(buff, fmt, args);
va_end(args);
! Again:
! r = SSL_write(tls_conn, buff, strlen(buff));
! switch (SSL_get_error(tls_conn, r)) {
! case SSL_ERROR_NONE:
! break;
! case SSL_ERROR_WANT_WRITE:
! goto Again;
! break;
! case SSL_ERROR_SYSCALL:
! errno = get_last_socket_error();
! break;
! case SSL_ERROR_SSL:
! SSL_shutdown(tls_conn);
! tls_conn = NULL;
! errno = ECONNRESET;
! break;
! case SSL_ERROR_ZERO_RETURN:
! break;
! }
} else {
va_start(args, fmt);
vprintf(fmt, args);