[openssl-users] Issue with TLS1.3 and s_time
Matt Caswell
matt at openssl.org
Thu Jul 13 12:52:12 UTC 2017
On 12/07/17 19:43, Roelof Du Toit wrote:
> This seems to be a bug in how s_time handles the TLS 1.3 post-handshake
> NewSessionTicket message; more specifically: not handling the retry when
> SSL_read() returns -1.
>
> The following diff (in tls1.3-draft-19 branch) appears to resolve the issue:

Probably you should use SSL_get_error() rather than BIO_should_retry().
The former is a little more complete (checks some conditions that
BIO_should_retry() does not). Could you submit this as a github PR?

Matt

>
> $ git diff
>
> diff --git a/apps/s_time.c b/apps/s_time.c
>
> index 998ef72..caa1b22 100644
>
> --- a/apps/s_time.c
>
> +++ b/apps/s_time.c
>
> @@ -234,8 +234,8 @@ int s_time_main(int argc, char **argv)
>
> fmt_http_get_cmd, www_path);
>
> if (SSL_write(scon, buf, buf_len) <= 0)
>
> goto end;
>
> - while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
>
> - bytes_read += i;
>
> + while ((i = SSL_read(scon, buf, sizeof(buf))) > 0 ||
> BIO_should_retry(SSL_get_rbio(scon)))
>
> + if (i > 0) bytes_read += i;
>
> }
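
Review bot: The retry test in the new loop condition, `BIO_should_retry(SSL_get_rbio(scon))`, looks only at the read BIO's retry flag and never at the SSL object or the value of `i`, so a non-positive return is not classified as retryable, clean close, or failure. Calling `SSL_get_error(scon, i)` when `i <= 0` and continuing only on a retryable result would make that distinction explicit and matches the suggestion in the reply. Style: `if (i > 0) bytes_read += i;` puts the statement on the same line as the `if` and hangs a nested `if` off an unbraced `while`; split it across two lines and brace the loop body.
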
>
> --Roelof
>
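
The failure mode discussed in this thread, as an added example that is not part of the original message or of OpenSSL's code: a self-contained C model in which a scripted stand-in for SSL_read() returns -1 with a retryable condition before application data arrives. The names `model_read`, `read_naive`, `read_retrying` and the `rd_err` classes are hypothetical; in real code the classification would come from SSL_get_error().

```c
#include <stddef.h>
/* Model of the error classes a caller distinguishes (hypothetical names). */
enum rd_err { RD_NONE, RD_WANT_READ, RD_CLOSED, RD_FATAL };

/* One scripted result of a read call: return value plus error class. */
struct step { int ret; enum rd_err err; };

/* Constructed script: a post-handshake record yields -1/retry before data. */
static const struct step script[] = {
    { -1, RD_WANT_READ }, { 512, RD_NONE }, { -1, RD_WANT_READ },
    { 256, RD_NONE }, { 0, RD_CLOSED },
};

struct conn { size_t pos; enum rd_err last; };

/* Stand-in for SSL_read(): replays the script, repeating the last entry. */
static int model_read(struct conn *c)
{
    const struct step *s = &script[c->pos];
    if (c->pos + 1 < sizeof(script) / sizeof(script[0]))
        c->pos++;
    c->last = s->err;
    return s->ret;
}

/* The original loop shape: stops at the first non-positive return. */
long read_naive(void)
{
    struct conn c = { 0, RD_NONE };
    long total = 0;
    int i;
    while ((i = model_read(&c)) > 0)
        total += i;
    return total;
}

/* Retry-aware loop: classify every non-positive return before giving up. */
long read_retrying(int *fatal)
{
    struct conn c = { 0, RD_NONE };
    long total = 0;
    for (;;) {
        int i = model_read(&c);
        if (i > 0) { total += i; continue; }
        if (c.last == RD_WANT_READ) continue;   /* retry, count nothing */
        *fatal = (c.last == RD_FATAL);          /* clean close vs. real error */
        return total;
    }
}
```

With this script the naive loop reports zero bytes for a connection that delivered 768, which for a benchmarking tool means silently wrong throughput figures rather than a visible error.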