[openssl-users] Issue with TLS1.3 and s_time
Roelof Du Toit
Roelof_Dutoit at symantec.com
Wed Jul 12 18:43:10 UTC 2017
This seems to be a bug in how s_time handles the TLS 1.3 post-handshake NewSessionTicket message; more specifically: not handling the retry when SSL_read() returns -1.
The following diff (in tls1.3-draft-19 branch) appears to resolve the issue:
$ git diff
diff --git a/apps/s_time.c b/apps/s_time.c
index 998ef72..caa1b22 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -234,8 +234,8 @@ int s_time_main(int argc, char **argv)
fmt_http_get_cmd, www_path);
if (SSL_write(scon, buf, buf_len) <= 0)
goto end;
- while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
- bytes_read += i;
+ while ((i = SSL_read(scon, buf, sizeof(buf))) > 0 || BIO_should_retry(SSL_get_rbio(scon)))
+ if (i > 0) bytes_read += i;
}
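Review bot: In the new `while` condition, the retry decision is taken from `BIO_should_retry(SSL_get_rbio(scon))` instead of from `SSL_get_error(scon, i)`. Testing the result of `SSL_get_error()` for `SSL_ERROR_WANT_READ` (and `SSL_ERROR_WANT_WRITE`) would tie the retry to this particular `SSL_read()` return value, and would make it easier to tell a retryable condition apart from a clean shutdown or a fatal error, which currently all just end the loop without distinction. The loop also calls `SSL_read()` again immediately with no wait, so it would spin if the underlying socket were ever non-blocking. Style point: `if (i > 0) bytes_read += i;` puts the statement on the same line as the `if`; it should be on its own line, and a short comment explaining why a non-positive return can be retried here (the post-handshake NewSessionTicket) would help the next reader.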
--Roelof