Set auto retry
SSL_read returns a WANT_READ after a renegotiation by default which ends up bubbling up as a weird BUG error. Tell OpenSSL to just do the read again.
This commit is contained in:
Steven Fackler
parent
0fe3b85476
commit
121169c1f5
|
|
@ -60,6 +60,8 @@ extern {
|
|||
pub fn SSL_CTX_set_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
|
||||
pub fn SSL_CTX_get_options_shim(ctx: *mut SSL_CTX) -> c_long;
|
||||
pub fn SSL_CTX_clear_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
|
||||
#[link_name = "SSL_CTX_set_mode_shim"]
|
||||
pub fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, options: c_long) -> c_long;
|
||||
#[link_name = "SSL_CTX_add_extra_chain_cert_shim"]
|
||||
pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long;
|
||||
#[link_name = "SSL_CTX_set_read_ahead_shim"]
|
||||
|
|
|
|||
|
|
@ -93,6 +93,10 @@ long SSL_CTX_clear_options_shim(SSL_CTX *ctx, long options) {
|
|||
return SSL_CTX_clear_options(ctx, options);
|
||||
}
|
||||
|
||||
long SSL_CTX_set_mode_shim(SSL_CTX *ctx, long options) {
|
||||
return SSL_CTX_set_mode(ctx, options);
|
||||
}
|
||||
|
||||
long SSL_CTX_add_extra_chain_cert_shim(SSL_CTX *ctx, X509 *x509) {
|
||||
return SSL_CTX_add_extra_chain_cert(ctx, x509);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -270,8 +270,10 @@ pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53;
|
|||
pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54;
|
||||
pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55;
|
||||
pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14;
|
||||
|
||||
pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41;
|
||||
|
||||
pub const SSL_MODE_AUTO_RETRY: c_long = 4;
|
||||
|
||||
pub const SSL_ERROR_NONE: c_int = 0;
|
||||
pub const SSL_ERROR_SSL: c_int = 1;
|
||||
pub const SSL_ERROR_SYSCALL: c_int = 5;
|
||||
|
|
|
|||
|
|
@ -566,6 +566,9 @@ impl SslContext {
|
|||
|
||||
let ctx = SslContext { ctx: ctx };
|
||||
|
||||
// this is a bit dubious (?)
|
||||
try!(ctx.set_mode(ffi::SSL_MODE_AUTO_RETRY));
|
||||
|
||||
if method.is_dtls() {
|
||||
ctx.set_read_ahead(1);
|
||||
}
|
||||
|
|
@ -648,8 +651,12 @@ impl SslContext {
|
|||
}
|
||||
}
|
||||
|
||||
fn set_mode(&self, mode: c_long) -> Result<(), SslError> {
|
||||
wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_mode(self.ctx, mode) as c_int })
|
||||
}
|
||||
|
||||
pub fn set_tmp_dh(&self, dh: DH) -> Result<(), SslError> {
|
||||
wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 })
|
||||
wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as c_int })
|
||||
}
|
||||
|
||||
/// Use the default locations of trusted certificates for verification.
|
||||
|
|
|
|||
Loading…
Reference in New Issue