SSL (patch 1)
Kiernan, Alex
alexk at demon.net
Sat Jun 1 18:28:54 UTC 2002
I'll look to apply these in the next few days - I'm currently cleaning up
nnrpd with Purify, once I've dealt with all that I can find, I'll start
applying these.
--
Alex Kiernan, Principal Engineer, Development, THUS plc
> -----Original Message-----
> From: Bear Giles [mailto:bear at coyotesong.com]
> Sent: 26 May 2002 17:39
> To: inn-patches at isc.org
> Subject: SSL (patch 1)
>
>
> Following are a series of patches to the SSL code. It's a number of
> small patches, instead of one large patch, because most projects have
> an easier time handling the small patches. It also makes it easier
> for someone more familiar with the architecture of the code to catch
> an oversight.
>
> The first patch adds calls to SSL_get_error() after SSL_read() and
> SSL_write(). It is necessary because the standard 'errno' function
> can't encode SSL-specific problems.
>
> Bear Giles
>
>
> -- Attached file included as plaintext by Ecartis --
> -- Desc: /tmp/inn1
>
> Index: inn/nnrpd/article.c
> diff -c inn/nnrpd/article.c:1.1.1.1 inn/nnrpd/article.c:1.2
> *** inn/nnrpd/article.c:1.1.1.1 Sun May 26 09:49:31 2002
> --- inn/nnrpd/article.c Sun May 26 10:25:59 2002
> ***************
> *** 1,4 ****
> ! /* $Id: article.c,v 1.1.1.1 2002/05/26 15:49:31 bear Exp $
> **
> ** Article-related routines.
> */
> --- 1,4 ----
> ! /* $Id: article.c,v 1.2 2002/05/26 16:25:59 bear Exp $
> **
> ** Article-related routines.
> */
> ***************
> *** 15,20 ****
> --- 15,21 ----
> #include "tls.h"
>
> #ifdef HAVE_SSL
> + #include <openssl/e_os.h>
> extern SSL *tls_conn;
> #endif
>
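Review bot: `<openssl/e_os.h>` looks like an OpenSSL-internal header rather than part of the public API, so relying on it for `get_last_socket_error()` is a portability risk across OpenSSL releases; the same include is added in misc.c and nnrpd.c. Since all three users only need the socket error code, a small local definition under a project macro would be safer, e.g. `#define get_last_socket_error() errno` on POSIX, with the Windows variant behind `#ifdef` if the build ever needs it. I would confirm against the OpenSSL version INN targets before merging.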
> ***************
> *** 59,67 ****
> static bool PushIOvHelper(struct iovec* vec, int* countp) {
> int result;
> #ifdef HAVE_SSL
> ! result = tls_conn
> ! ? SSL_writev(tls_conn, vec, *countp)
> ! : writev(STDOUT_FILENO, vec, *countp);
> #else
> result = writev(STDOUT_FILENO, vec, *countp);
> #endif
> --- 60,89 ----
> static bool PushIOvHelper(struct iovec* vec, int* countp) {
> int result;
> #ifdef HAVE_SSL
> ! if (tls_conn) {
> ! Again:
> ! result = SSL_writev(tls_conn, vec, *countp);
> ! switch (SSL_get_error(tls_conn, result)) {
> ! case SSL_ERROR_NONE:
> ! break;
> ! case SSL_ERROR_WANT_WRITE:
> ! goto Again;
> ! break;
> ! case SSL_ERROR_SYSCALL:
> ! errno = get_last_socket_error();
> ! break;
> ! case SSL_ERROR_SSL:
> ! SSL_shutdown(tls_conn);
> ! tls_conn = NULL;
> ! errno = ECONNRESET;
> ! break;
> ! case SSL_ERROR_ZERO_RETURN:
> ! break;
> ! }
> ! }
> ! else {
> ! result = writev(STDOUT_FILENO, vec, *countp);
> ! }
> #else
> result = writev(STDOUT_FILENO, vec, *countp);
> #endif
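Review bot: Setting `tls_conn = NULL` in the SSL_ERROR_SSL arm makes every later call take the `writev(STDOUT_FILENO, ...)` branch on the same descriptor the peer still expects to carry TLS, so a broken session silently degrades to cleartext instead of ending. The error should stay sticky and the connection be torn down by the caller, e.g. record a fatal flag and let the `result` check after the switch fail, rather than falling back to the plain path. The OpenSSL documentation also states that `SSL_shutdown()` must not be called after a fatal error such as SSL_ERROR_SSL, and dropping the pointer without `SSL_free()` leaks the object unless it is freed elsewhere. The same arm is repeated in PushIOb, in the SSL_read path in misc.c and in both Printf-style functions in nnrpd.c. PushIOvHelper's body continues past the hunk, so how `result` is checked is not visible here.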
> ***************
> *** 156,165 ****
> static int highwater = 0;
>
> static bool PushIOb(void) {
> fflush(stdout);
> #ifdef HAVE_SSL
> if (tls_conn) {
> ! if (SSL_write(tls_conn, _IO_buffer_, highwater) !=
> highwater) {
> highwater = 0;
> return FALSE;
> }
> --- 178,210 ----
> static int highwater = 0;
>
> static bool PushIOb(void) {
> + #ifdef HAVE_SSL
> + int r;
> + #endif
> +
> fflush(stdout);
> #ifdef HAVE_SSL
> if (tls_conn) {
> ! Again:
> ! r = SSL_write(tls_conn, _IO_buffer_, highwater);
> ! switch (SSL_get_error(tls_conn, r)) {
> ! case SSL_ERROR_NONE:
> ! break;
> ! case SSL_ERROR_WANT_WRITE:
> ! goto Again;
> ! break;
> ! case SSL_ERROR_SYSCALL:
> ! errno = get_last_socket_error();
> ! break;
> ! case SSL_ERROR_SSL:
> ! SSL_shutdown(tls_conn);
> ! tls_conn = NULL;
> ! errno = ECONNRESET;
> ! break;
> ! case SSL_ERROR_ZERO_RETURN:
> ! break;
> ! }
> ! if (r != highwater) {
> highwater = 0;
> return FALSE;
> }
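Review bot: The switch on `SSL_get_error()` has no `default:` arm, so SSL_ERROR_WANT_READ (possible during renegotiation) and SSL_ERROR_WANT_X509_LOOKUP fall through with `r` negative and `errno` untouched, leaving the `r != highwater` failure path without a meaningful error code. Adding `default: errno = EIO; break;` (or whatever code the module uses for "unexpected") makes that visible to the caller. The `goto Again` retry on SSL_ERROR_WANT_WRITE repeats the call with identical arguments, which is what OpenSSL requires, but it busy-loops if the underlying socket is ever non-blocking; whether it is isn't shown here. The rest of PushIOb lies outside the hunk.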
> Index: inn/nnrpd/misc.c
> diff -c inn/nnrpd/misc.c:1.1.1.1 inn/nnrpd/misc.c:1.2
> *** inn/nnrpd/misc.c:1.1.1.1 Sun May 26 09:49:31 2002
> --- inn/nnrpd/misc.c Sun May 26 10:25:59 2002
> ***************
> *** 1,4 ****
> ! /* $Id: misc.c,v 1.1.1.1 2002/05/26 15:49:31 bear Exp $
> **
> ** Miscellaneous support routines.
> */
> --- 1,4 ----
> ! /* $Id: misc.c,v 1.2 2002/05/26 16:25:59 bear Exp $
> **
> ** Miscellaneous support routines.
> */
> ***************
> *** 16,21 ****
> --- 16,22 ----
> #include "sasl_config.h"
>
> #ifdef HAVE_SSL
> + #include <openssl/e_os.h>
> extern SSL *tls_conn;
> extern int nnrpd_starttls_done;
> #endif
> ***************
> *** 271,278 ****
> if (i == 0 || !FD_ISSET(STDIN_FILENO, &rmask))
> return RTtimeout;
> #ifdef HAVE_SSL
> ! if (tls_conn)
> count = SSL_read(tls_conn, buffer, sizeof buffer);
> else
> count = read(STDIN_FILENO, buffer, sizeof buffer);
> #else
> --- 272,297 ----
> if (i == 0 || !FD_ISSET(STDIN_FILENO, &rmask))
> return RTtimeout;
> #ifdef HAVE_SSL
> ! if (tls_conn) {
> count = SSL_read(tls_conn, buffer, sizeof buffer);
> + switch (SSL_get_error(tls_conn, count)) {
> + case SSL_ERROR_NONE:
> + break;
> + case SSL_ERROR_WANT_READ:
> + goto Again;
> + break;
> + case SSL_ERROR_SYSCALL:
> + errno = get_last_socket_error();
> + break;
> + case SSL_ERROR_SSL:
> + SSL_shutdown(tls_conn);
> + tls_conn = NULL;
> + errno = ECONNRESET;
> + break;
> + case SSL_ERROR_ZERO_RETURN:
> + break;
> + }
> + }
> else
> count = read(STDIN_FILENO, buffer, sizeof buffer);
> #else
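Review bot: The SSL_ERROR_WANT_READ arm does `goto Again`, but unlike the write-side hunks this one adds no `Again:` label before the `SSL_read()` call; unless the enclosing function already defines that label outside the hunk, this will not compile, and if the label sits before the `select()` the retry re-runs the timeout wait, which may or may not be intended. Either add `Again:` immediately before `count = SSL_read(...)` or state in a comment which label is targeted. Also note that for SSL_ERROR_SYSCALL with `count == 0` OpenSSL reports an unexpected EOF, where `get_last_socket_error()` can legitimately be 0, so the caller's `count`/`errno` check (outside the hunk) should treat that as end of stream.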
> Index: inn/nnrpd/nnrpd.c
> diff -c inn/nnrpd/nnrpd.c:1.1.1.1 inn/nnrpd/nnrpd.c:1.2
> *** inn/nnrpd/nnrpd.c:1.1.1.1 Sun May 26 09:49:31 2002
> --- inn/nnrpd/nnrpd.c Sun May 26 10:25:59 2002
> ***************
> *** 1,4 ****
> ! /* $Id: nnrpd.c,v 1.1.1.1 2002/05/26 15:49:31 bear Exp $
> **
> ** NNTP server for readers (NNRP) for InterNetNews.
> **
> --- 1,4 ----
> ! /* $Id: nnrpd.c,v 1.2 2002/05/26 16:25:59 bear Exp $
> **
> ** NNTP server for readers (NNRP) for InterNetNews.
> **
> ***************
> *** 31,36 ****
> --- 31,37 ----
> #include "sasl_config.h"
>
> #ifdef HAVE_SSL
> + #include <openssl/e_os.h>
> extern SSL *tls_conn;
> int nnrpd_starttls_done = 0;
> #endif
> ***************
> *** 649,659 ****
> char buff[2048];
>
> #ifdef HAVE_SSL
> if (tls_conn) {
> va_start(args, fmt);
> vsprintf(buff,fmt, args);
> va_end(args);
> ! SSL_write(tls_conn, buff, strlen(buff));
> } else {
> va_start(args, fmt);
> vprintf(fmt, args);
> --- 650,681 ----
> char buff[2048];
>
> #ifdef HAVE_SSL
> + int r;
> +
> if (tls_conn) {
> va_start(args, fmt);
> + /* FIXME: use vsnprintf() - does it exist? */
> vsprintf(buff,fmt, args);
> va_end(args);
> ! Again:
> ! r = SSL_write(tls_conn, buff, strlen(buff));
> ! switch (SSL_get_error(tls_conn, r)) {
> ! case SSL_ERROR_NONE:
> ! break;
> ! case SSL_ERROR_WANT_WRITE:
> ! goto Again;
> ! break;
> ! case SSL_ERROR_SYSCALL:
> ! errno = get_last_socket_error();
> ! break;
> ! case SSL_ERROR_SSL:
> ! SSL_shutdown(tls_conn);
> ! tls_conn = NULL;
> ! errno = ECONNRESET;
> ! break;
> ! case SSL_ERROR_ZERO_RETURN:
> ! break;
> ! }
> } else {
> va_start(args, fmt);
> vprintf(fmt, args);
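Review bot: The FIXME's question can be answered: `vsnprintf()` is standard C99 (and SUSv2), so `vsnprintf(buff, sizeof buff, fmt, args);` bounds the 2048-byte `buff` that `vsprintf()` currently writes without a limit; the same FIXME is added twice more further down in this file. If the project must still build on pre-C99 toolchains, a configure check or the project's own replacement would be needed, which I cannot see from here. Separately, `r` is never compared with `strlen(buff)`, so a short write is only detected via the switch; with OpenSSL's default (non-partial-write) mode that is probably sufficient, but a one-line comment saying so would help the next reader. The enclosing function continues past the hunk.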
> ***************
> *** 670,675 ****
> --- 692,698 ----
>
> /* Copy output, but strip trailing CR-LF. Note
> we're assuming here
> that no output line can ever be longer than 2045
> characters. */
> + /* FIXME: use vsnprintf() - does it exist? */
> vsprintf(buff, fmt, args);
> va_end(args);
> p = buff + strlen(buff) - 1;
> ***************
> *** 687,698 ****
> {
> va_list args;
> char buff[2048];
>
> if (tls_conn) {
> va_start(args, fmt);
> vsprintf(buff, fmt, args);
> va_end(args);
> ! SSL_write(tls_conn, buff, strlen(buff));
> } else {
> va_start(args, fmt);
> vprintf(fmt, args);
> --- 710,741 ----
> {
> va_list args;
> char buff[2048];
> + int r;
>
> if (tls_conn) {
> va_start(args, fmt);
> + /* FIXME: use vsnprintf() - does it exist? */
> vsprintf(buff, fmt, args);
> va_end(args);
> ! Again:
> ! r = SSL_write(tls_conn, buff, strlen(buff));
> ! switch (SSL_get_error(tls_conn, r)) {
> ! case SSL_ERROR_NONE:
> ! break;
> ! case SSL_ERROR_WANT_WRITE:
> ! goto Again;
> ! break;
> ! case SSL_ERROR_SYSCALL:
> ! errno = get_last_socket_error();
> ! break;
> ! case SSL_ERROR_SSL:
> ! SSL_shutdown(tls_conn);
> ! tls_conn = NULL;
> ! errno = ECONNRESET;
> ! break;
> ! case SSL_ERROR_ZERO_RETURN:
> ! break;
> ! }
> } else {
> va_start(args, fmt);
> vprintf(fmt, args);
>
>
>