[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Dr. Stephen Henson steve at openssl.org
Sun Sep 20 13:34:16 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  325bb1ac25e1f9ae8d2c11bdbc528a115c60ed8e (commit)
       via  2e3a21e152d2e953d9ed148f65e43707db370302 (commit)
      from  8748519f64735a9753b7791bb5e08a28ac7bdc94 (commit)


- Log -----------------------------------------------------------------
commit 325bb1ac25e1f9ae8d2c11bdbc528a115c60ed8e
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sun Sep 13 19:04:58 2015 +0100

    Handle SSL_ERROR_WANT_X509_LOOKUP
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit f1c412c9e63f7c9cac2c723bff09cce563dda1b0)

commit 2e3a21e152d2e953d9ed148f65e43707db370302
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sat Sep 12 02:37:48 2015 +0100

    Make SRP work with -www
    
    PR#3817
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 4e7e623012e1604d985e2ef362c2957d464f3f01)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_server.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
 ssl/bio_ssl.c   |  4 ++++
 2 files changed, 49 insertions(+)

diff --git a/apps/s_server.c b/apps/s_server.c
index afc72b0..f19532b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2887,6 +2887,21 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
                 goto err;
             } else {
                 BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+                if (BIO_should_io_special(io)
+                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    srp_callback_parm.user =
+                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
+                                              srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    continue;
+                }
+#endif
 #if defined(OPENSSL_SYS_NETWARE)
                 delay(1000);
 #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
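Review bot: `srp_callback_parm.user` is overwritten with the result of `SRP_VBASE_get_by_user()` on every `BIO_RR_SSL_X509_LOOKUP` retry, and nothing here says who owns the record it replaces or the one it receives. The hunk does not show whether the returned pointer is borrowed from `vb` or allocated for the caller; if any path allocates (an unknown login, say), each pass through this branch would leak memory on a path driven by the peer's handshake. A comment above the assignment would settle it, for example `/* user is borrowed from vb; do not free */`, or the previous value should be released first if that is not the case. The identical block is added again in both `rev_body` hunks, so the rule is better stated once in a static helper that the three loops call. `www_body` starts and ends outside the hunk.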
@@ -3217,6 +3232,21 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
             ERR_print_errors(bio_err);
             goto end;
         }
+#ifndef OPENSSL_NO_SRP
+        if (BIO_should_io_special(io)
+            && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+            BIO_printf(bio_s_out, "LOOKUP renego during accept\n");
+            srp_callback_parm.user =
+                SRP_VBASE_get_by_user(srp_callback_parm.vb,
+                                      srp_callback_parm.login);
+            if (srp_callback_parm.user)
+                BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                           srp_callback_parm.user->info);
+            else
+                BIO_printf(bio_s_out, "LOOKUP not successful\n");
+            continue;
+        }
+#endif
     }
     BIO_printf(bio_err, "CONNECTION ESTABLISHED\n");
     print_ssl_summary(bio_err, con);
@@ -3230,6 +3260,21 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
                 goto err;
             } else {
                 BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+                if (BIO_should_io_special(io)
+                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    srp_callback_parm.user =
+                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
+                                              srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    continue;
+                }
+#endif
 #if defined(OPENSSL_SYS_NETWARE)
                 delay(1000);
 #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index a0c583e..d2d4d2e 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -419,6 +419,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
             BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
             b->retry_reason = b->next_bio->retry_reason;
             break;
+        case SSL_ERROR_WANT_X509_LOOKUP:
+            BIO_set_retry_special(b);
+            b->retry_reason = BIO_RR_SSL_X509_LOOKUP;
+            break;
         default:
             break;
         }
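Review bot: The new `SSL_ERROR_WANT_X509_LOOKUP` case makes this ctrl report a retryable state where callers previously got a plain failure, and the case carries no comment telling them what has to happen before the retry. `BIO_set_retry_special()` sets the should-retry flag, so a caller that loops on `BIO_should_retry()` without checking `BIO_get_retry_reason()` would presumably spin instead of stopping; the `s_server.c` hunks in this push handle it, but other users of the BIO on a stable branch may not. I would add `/* paused in a lookup callback: caller completes the lookup, then retries */` above the case and mention the change in the BIO retry documentation. The enclosing `switch` in `ssl_ctrl` starts outside the hunk.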

