SSL (patch 1)

Kiernan, Alex alexk at demon.net
Sat Jun 1 18:28:54 UTC 2002


I'll look to apply these in the next few days - I'm currently cleaning up
nnrpd with Purify, once I've dealt with all that I can find, I'll start
applying these.

-- 
Alex Kiernan, Principal Engineer, Development, THUS plc


> -----Original Message-----
> From: Bear Giles [mailto:bear at coyotesong.com] 
> Sent: 26 May 2002 17:39
> To: inn-patches at isc.org
> Subject: SSL (patch 1)
> 
> 
> Following are a series of patches to the SSL code.  It's a number of
> small patches, instead of one large patch, because most projects have
> an easier time handling the small patches.  It also makes it easier
> for someone more familiar with the architecture of the code to catch
> an oversight.
> 
> The first patch adds calls to SSL_get_error() after SSL_read() and
> SSL_write().  It is necessary because the plain `errno` value (which
> SSL_read()/SSL_write() do not always set) can't encode SSL-specific problems.
> 
> Bear Giles
> 
> 
> -- Attached file included as plaintext by Ecartis --
> -- Desc: /tmp/inn1
> 
> Index: inn/nnrpd/article.c
> diff -c inn/nnrpd/article.c:1.1.1.1 inn/nnrpd/article.c:1.2
> *** inn/nnrpd/article.c:1.1.1.1	Sun May 26 09:49:31 2002
> --- inn/nnrpd/article.c	Sun May 26 10:25:59 2002
> ***************
> *** 1,4 ****
> ! /*  $Id: article.c,v 1.1.1.1 2002/05/26 15:49:31 bear Exp $
>   **
>   **  Article-related routines.
>   */
> --- 1,4 ----
> ! /*  $Id: article.c,v 1.2 2002/05/26 16:25:59 bear Exp $
>   **
>   **  Article-related routines.
>   */
> ***************
> *** 15,20 ****
> --- 15,21 ----
>   #include "tls.h"
>   
>   #ifdef HAVE_SSL
> + #include <openssl/e_os.h>
>   extern SSL *tls_conn;
>   #endif 
>   
> ***************
> *** 59,67 ****
>   static bool PushIOvHelper(struct iovec* vec, int* countp) {
>       int result;
>   #ifdef HAVE_SSL
> !     result = tls_conn
> ! 	     ? SSL_writev(tls_conn, vec, *countp)
> ! 	     : writev(STDOUT_FILENO, vec, *countp);
>   #else
>       result = writev(STDOUT_FILENO, vec, *countp);
>   #endif
> --- 60,89 ----
>   static bool PushIOvHelper(struct iovec* vec, int* countp) {
>       int result;
>   #ifdef HAVE_SSL
> ! 	if (tls_conn) {
> ! Again:
> !       result = SSL_writev(tls_conn, vec, *countp);
> ! 	  switch (SSL_get_error(tls_conn, result)) {
> ! 	  case SSL_ERROR_NONE:
> ! 		break;
> ! 	  case SSL_ERROR_WANT_WRITE:
> ! 		goto Again;
> ! 		break;
> ! 	  case SSL_ERROR_SYSCALL:
> ! 		errno = get_last_socket_error();
> ! 		break;
> ! 	  case SSL_ERROR_SSL:
> ! 		SSL_shutdown(tls_conn);
> ! 		tls_conn = NULL;
> ! 		errno = ECONNRESET;
> ! 		break;
> ! 	  case SSL_ERROR_ZERO_RETURN:
> ! 	    break;
> ! 	  }
> ! 	}
> ! 	else {
> ! 	  result = writev(STDOUT_FILENO, vec, *countp);
> ! 	}
>   #else
>       result = writev(STDOUT_FILENO, vec, *countp);
>   #endif
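Review bot: On `SSL_ERROR_SSL` the new code does `SSL_shutdown(tls_conn); tls_conn = NULL;`, after which this function and every sibling writer takes the `writev(STDOUT_FILENO, ...)` branch, so a single bad TLS record turns the rest of the session into cleartext on the same descriptor — a silent downgrade instead of a failed connection. OpenSSL also documents that `SSL_shutdown()` must not be called after a fatal `SSL_ERROR_SSL`/`SSL_ERROR_SYSCALL`, and the `SSL` object is never `SSL_free()`d. I would leave `tls_conn` set, record the failure with `errno = ECONNRESET;` only, and make sure the `result < 0` path that follows (outside this hunk; the rest of PushIOvHelper is not shown) ends the session the same way a failed plaintext `writev()` does. The `goto Again` on `SSL_ERROR_WANT_WRITE` is also only safe if `SSL_writev()` re-presents the same buffer on retry or `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` is set; worth confirming in tls.c.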
> ***************
> *** 156,165 ****
>   static int		highwater = 0;
>   
>   static bool PushIOb(void) {
>       fflush(stdout);
>   #ifdef HAVE_SSL
>       if (tls_conn) {
> !       if (SSL_write(tls_conn, _IO_buffer_, highwater) != 
> highwater) {
>           highwater = 0;
>           return FALSE;
>         }
> --- 178,210 ----
>   static int		highwater = 0;
>   
>   static bool PushIOb(void) {
> + #ifdef HAVE_SSL
> + 	int r;
> + #endif
> + 
>       fflush(stdout);
>   #ifdef HAVE_SSL
>       if (tls_conn) {
> ! Again:
> ! 	  r = SSL_write(tls_conn, _IO_buffer_, highwater);
> ! 	  switch (SSL_get_error(tls_conn, r)) {
> ! 	  case SSL_ERROR_NONE:
> ! 		break;
> ! 	  case SSL_ERROR_WANT_WRITE:
> ! 		goto Again;
> ! 		break;
> ! 	  case SSL_ERROR_SYSCALL:
> ! 		errno = get_last_socket_error();
> ! 		break;
> ! 	  case SSL_ERROR_SSL:
> ! 		SSL_shutdown(tls_conn);
> ! 		tls_conn = NULL;
> ! 		errno = ECONNRESET;
> ! 		break;
> ! 	  case SSL_ERROR_ZERO_RETURN:
> ! 	    break;
> ! 	  }
> ! 	  if (r != highwater) {
>           highwater = 0;
>           return FALSE;
>         }
> Index: inn/nnrpd/misc.c
> diff -c inn/nnrpd/misc.c:1.1.1.1 inn/nnrpd/misc.c:1.2
> *** inn/nnrpd/misc.c:1.1.1.1	Sun May 26 09:49:31 2002
> --- inn/nnrpd/misc.c	Sun May 26 10:25:59 2002
> ***************
> *** 1,4 ****
> ! /*  $Id: misc.c,v 1.1.1.1 2002/05/26 15:49:31 bear Exp $
>   **
>   **  Miscellaneous support routines.
>   */
> --- 1,4 ----
> ! /*  $Id: misc.c,v 1.2 2002/05/26 16:25:59 bear Exp $
>   **
>   **  Miscellaneous support routines.
>   */
> ***************
> *** 16,21 ****
> --- 16,22 ----
>   #include "sasl_config.h"
>   
>   #ifdef HAVE_SSL
> + #include <openssl/e_os.h>
>   extern SSL *tls_conn;
>   extern int nnrpd_starttls_done;
>   #endif 
> ***************
> *** 271,278 ****
>   	    if (i == 0 || !FD_ISSET(STDIN_FILENO, &rmask))
>   		return RTtimeout;
>   #ifdef HAVE_SSL
> ! 	    if (tls_conn)
>   	      count = SSL_read(tls_conn, buffer, sizeof buffer);
>   	    else
>   	      count = read(STDIN_FILENO, buffer, sizeof buffer);
>   #else
> --- 272,297 ----
>   	    if (i == 0 || !FD_ISSET(STDIN_FILENO, &rmask))
>   		return RTtimeout;
>   #ifdef HAVE_SSL
> ! 	    if (tls_conn) {
>   	      count = SSL_read(tls_conn, buffer, sizeof buffer);
> + 		  switch (SSL_get_error(tls_conn, count)) {
> + 		  case SSL_ERROR_NONE:
> + 			break;
> + 		  case SSL_ERROR_WANT_READ:
> + 			goto Again;
> + 			break;
> + 		  case SSL_ERROR_SYSCALL:
> + 			errno = get_last_socket_error();
> + 			break;
> + 		  case SSL_ERROR_SSL:
> + 			SSL_shutdown(tls_conn);
> + 			tls_conn = NULL;
> + 			errno = ECONNRESET;
> + 			break;
> + 		  case SSL_ERROR_ZERO_RETURN:
> + 			break;
> + 		  }
> + 		}
>   	    else
>   	      count = read(STDIN_FILENO, buffer, sizeof buffer);
>   #else
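Review bot: `goto Again;` on `SSL_ERROR_WANT_READ` has no matching `Again:` label in this hunk, unlike the three write sites in this patch which each add one; unless a label by that name already exists earlier in this function (its start is outside the hunk), this does not compile. If the intent is to jump back to the `select()` above, doing so restarts the read timeout on every retry, and with a blocking descriptor `SSL_read()` will not return `WANT_READ` in the first place. The `SSL_ERROR_SSL` arm also clears `tls_conn`, after which the `else` branch reads cleartext commands from `STDIN_FILENO` on the same socket for the rest of the session; a fatal TLS error on the read side should end the session rather than fall back, e.g. `count = -1; errno = ECONNRESET; break;` with `tls_conn` left alone, assuming the caller treats a negative `count` as a dead connection — that code is not visible here.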
> Index: inn/nnrpd/nnrpd.c
> diff -c inn/nnrpd/nnrpd.c:1.1.1.1 inn/nnrpd/nnrpd.c:1.2
> *** inn/nnrpd/nnrpd.c:1.1.1.1	Sun May 26 09:49:31 2002
> --- inn/nnrpd/nnrpd.c	Sun May 26 10:25:59 2002
> ***************
> *** 1,4 ****
> ! /*  $Id: nnrpd.c,v 1.1.1.1 2002/05/26 15:49:31 bear Exp $
>   **
>   **  NNTP server for readers (NNRP) for InterNetNews.
>   **
> --- 1,4 ----
> ! /*  $Id: nnrpd.c,v 1.2 2002/05/26 16:25:59 bear Exp $
>   **
>   **  NNTP server for readers (NNRP) for InterNetNews.
>   **
> ***************
> *** 31,36 ****
> --- 31,37 ----
>   #include "sasl_config.h"
>   
>   #ifdef HAVE_SSL
> + #include <openssl/e_os.h>
>   extern SSL *tls_conn;
>   int nnrpd_starttls_done = 0;
>   #endif 
> ***************
> *** 649,659 ****
>       char        buff[2048];
>   
>   #ifdef HAVE_SSL
>       if (tls_conn) {
>         va_start(args, fmt);
>         vsprintf(buff,fmt, args);
>         va_end(args);
> !       SSL_write(tls_conn, buff, strlen(buff));
>       } else {
>         va_start(args, fmt);
>         vprintf(fmt, args);
> --- 650,681 ----
>       char        buff[2048];
>   
>   #ifdef HAVE_SSL
> + 	int			r;
> + 
>       if (tls_conn) {
>         va_start(args, fmt);
> + 	  /* FIXME: use vsnprintf() - does it exist? */
>         vsprintf(buff,fmt, args);
>         va_end(args);
> ! Again:
> !       r = SSL_write(tls_conn, buff, strlen(buff));
> ! 	  switch (SSL_get_error(tls_conn, r)) {
> ! 	  case SSL_ERROR_NONE:
> ! 		break;
> ! 	  case SSL_ERROR_WANT_WRITE:
> ! 		goto Again;
> ! 		break;
> ! 	  case SSL_ERROR_SYSCALL:
> ! 		errno = get_last_socket_error();
> ! 		break;
> ! 	  case SSL_ERROR_SSL:
> ! 		SSL_shutdown(tls_conn);
> ! 		tls_conn = NULL;
> ! 		errno = ECONNRESET;
> ! 		break;
> ! 	  case SSL_ERROR_ZERO_RETURN:
> ! 		break;
> ! 	  }
>       } else {
>         va_start(args, fmt);
>         vprintf(fmt, args);
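Review bot: `vsprintf(buff, fmt, args)` still writes unbounded into `buff[2048]`; the FIXME added just above it names the right fix but leaves the overflow in place, and since this routine formats protocol replies that can embed client-supplied strings it is the line I would change before the TLS plumbing. `vsnprintf(buff, sizeof buff, fmt, args)` is C99 and SUSv2; if a platform INN supports lacks it, the portability layer in lib/ is the place for a replacement, and the same applies to the other two `vsprintf` calls further down this file. Separately, `r` and the `errno` assignments are computed and then dropped because the function returns nothing, so the only arm of the switch with a lasting effect is `tls_conn = NULL` — the fall-back-to-plaintext behaviour, which is not something a reply formatter should decide.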
> ***************
> *** 670,675 ****
> --- 692,698 ----
>   
>           /* Copy output, but strip trailing CR-LF.  Note 
> we're assuming here
>              that no output line can ever be longer than 2045 
> characters. */
> + 	    /* FIXME: use vsnprintf() - does it exist? */
>           vsprintf(buff, fmt, args);
>           va_end(args);
>           p = buff + strlen(buff) - 1;
> ***************
> *** 687,698 ****
>   {
>       va_list     args;
>       char        buff[2048];
>   
>       if (tls_conn) {
>         va_start(args, fmt);
>         vsprintf(buff, fmt, args);
>         va_end(args);
> !       SSL_write(tls_conn, buff, strlen(buff));
>       } else {
>         va_start(args, fmt);
>         vprintf(fmt, args);
> --- 710,741 ----
>   {
>       va_list     args;
>       char        buff[2048];
> + 	int			r;
>   
>       if (tls_conn) {
>         va_start(args, fmt);
> + 	  /* FIXME: use vsnprintf() - does it exist? */
>         vsprintf(buff, fmt, args);
>         va_end(args);
> ! Again:
> !       r = SSL_write(tls_conn, buff, strlen(buff));
> ! 	  switch (SSL_get_error(tls_conn, r)) {
> ! 	  case SSL_ERROR_NONE:
> ! 		break;
> ! 	  case SSL_ERROR_WANT_WRITE:
> ! 		goto Again;
> ! 		break;
> ! 	  case SSL_ERROR_SYSCALL:
> ! 		errno = get_last_socket_error();
> ! 		break;
> ! 	  case SSL_ERROR_SSL:
> ! 		SSL_shutdown(tls_conn);
> ! 		tls_conn = NULL;
> ! 		errno = ECONNRESET;
> ! 		break;
> ! 	  case SSL_ERROR_ZERO_RETURN:
> ! 		break;
> ! 	  }
>       } else {
>         va_start(args, fmt);
>         vprintf(fmt, args);
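Review bot: This `SSL_write()` / `SSL_get_error()` switch is now pasted verbatim at five sites across article.c, misc.c and nnrpd.c, so the retry, errno-mapping and teardown policy must be maintained in five places and is already inconsistent (the read site in misc.c lacks the label the others add). One helper in tls.c owning that policy, e.g. `int tls_write(const void *buf, size_t len)` returning bytes written or -1 with `errno` set, would reduce each caller to a single line such as `r = tls_write(buff, strlen(buff));`, with a matching `tls_read()` for the misc.c site. I have not checked whether tls.c already exports something similar alongside `SSL_writev()`.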
> 
> 
> 

