Set auto retry

SSL_read returns a WANT_READ after a renegotiation by default which ends up bubbling up as a weird BUG error. Tell OpenSSL to just do the read again.
2016-07-01 18:31:47 -04:00 · 2016-07-01 18:31:47 -04:00 · 121169c1f5
parent 0fe3b85476
commit 121169c1f5
4 changed files with 17 additions and 2 deletions
--- a/openssl-sys-extras/src/lib.rs
+++ b/openssl-sys-extras/src/lib.rs
@ -60,6 +60,8 @@ extern {
    pub fn SSL_CTX_set_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
    pub fn SSL_CTX_get_options_shim(ctx: *mut SSL_CTX) -> c_long;
    pub fn SSL_CTX_clear_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
+    #[link_name = "SSL_CTX_set_mode_shim"]
+    pub fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, options: c_long) -> c_long;
    #[link_name = "SSL_CTX_add_extra_chain_cert_shim"]
    pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long;
    #[link_name = "SSL_CTX_set_read_ahead_shim"]
--- a/openssl-sys-extras/src/openssl_shim.c
+++ b/openssl-sys-extras/src/openssl_shim.c
@ -93,6 +93,10 @@ long SSL_CTX_clear_options_shim(SSL_CTX *ctx, long options) {
    return SSL_CTX_clear_options(ctx, options);
 }

+long SSL_CTX_set_mode_shim(SSL_CTX *ctx, long options) {
+    return SSL_CTX_set_mode(ctx, options);
+}
+
 long SSL_CTX_add_extra_chain_cert_shim(SSL_CTX *ctx, X509 *x509) {
    return SSL_CTX_add_extra_chain_cert(ctx, x509);
 }
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@ -270,8 +270,10 @@ pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:  c_int = 53;
 pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54;
 pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55;
 pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14;
-
 pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41;
+
+pub const SSL_MODE_AUTO_RETRY: c_long = 4;
+
 pub const SSL_ERROR_NONE: c_int = 0;
 pub const SSL_ERROR_SSL: c_int = 1;
 pub const SSL_ERROR_SYSCALL: c_int = 5;
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -566,6 +566,9 @@ impl SslContext {

        let ctx = SslContext { ctx: ctx };

+        // this is a bit dubious (?)
+        try!(ctx.set_mode(ffi::SSL_MODE_AUTO_RETRY));
+
        if method.is_dtls() {
            ctx.set_read_ahead(1);
        }
@ -648,8 +651,12 @@ impl SslContext {
        }
    }

+    fn set_mode(&self, mode: c_long) -> Result<(), SslError> {
+        wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_mode(self.ctx, mode) as c_int })
+    }
+
    pub fn set_tmp_dh(&self, dh: DH) -> Result<(), SslError> {
-        wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 })
+        wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as c_int })
    }

    /// Use the default locations of trusted certificates for verification.