diff options
| author | Adam Langley <agl@google.com> | 2014-11-04 03:14:21 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2014-11-04 04:25:22 +0300 |
| commit | ec48af40a75bbeef2287af8bf3d867e8fb094692 (patch) | |
| tree | ad1d9140aa0a751f8eca00681dec6c811ee46ed8 /ssl/d1_pkt.c | |
| parent | 8cfd8ad144793618afa0a9555ef3c18d720ec99a (diff) | |
Make SSL_MODE_AUTO_RETRY the default.
Without SSL_MODE_AUTO_RETRY, even blocking mode will return
SSL_ERROR_WANT_{READ|WRITE} in the event of a renegotiation.
The comments in the code speak only of "nasty problems" unless this is
done. The original commit that added SSL_MODE_AUTO_RETRY
(54f10e6adce56eb2e59936e32216162aadc5d050) gives a little more detail:
The [...] behaviour is needed by applications such as s_client and
s_server that use select() to determine when to use SSL_read.
Without the -nbio flag, s_client will use select() to find when the
socket is readable and then call SSL_read with a blocking socket.
However, this will still block in the event of an incomplete record, so
the delay is already unbounded. This it's very unclear what the point of
this behaviour ever was.
Perhaps if the read and write paths were different sockets where the
read socket was non-blocking but the write socket was blocking. But that
seems like an implausible situation to worry too much about.
Change-Id: I9d9f2526afc2e0fd0e5440e9a047f419a2d61afa
Reviewed-on: https://boringssl-review.googlesource.com/2140
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/d1_pkt.c')
| -rw-r--r-- | ssl/d1_pkt.c | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index ee13028d..0ecbb2ee 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -976,23 +976,6 @@ start: OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, SSL_R_SSL_HANDSHAKE_FAILURE); return(-1); } - - if (!(s->mode & SSL_MODE_AUTO_RETRY)) - { - if (s->s3->rbuf.left == 0) /* no read-ahead left? */ - { - BIO *bio; - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); - } - } } } /* we either finished a handshake or ignored the request, @@ -1155,22 +1138,6 @@ start: return(-1); } - if (!(s->mode & SSL_MODE_AUTO_RETRY)) - { - if (s->s3->rbuf.left == 0) /* no read-ahead left? */ - { - BIO *bio; - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); - } - } goto start; } |