projects
/
project
/
ustream-ssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
ustream-openssl: clear error stack before SSL_read/SSL_write
[project/ustream-ssl.git]
/
ustream-openssl.c
diff --git
a/ustream-openssl.c
b/ustream-openssl.c
index 21abf612ef18ae5098aeec099c40f79bf230d785..fa99e67b7fca9194afb9ceb1b96f07710f4de4f5 100644
(file)
--- a/
ustream-openssl.c
+++ b/
ustream-openssl.c
@@
-110,8
+110,12
@@
__ustream_ssl_context_new(bool server)
SSL_library_init();
_init = true;
}
SSL_library_init();
_init = true;
}
-# define TLS_server_method SSLv23_server_method
-# define TLS_client_method SSLv23_client_method
+# ifndef TLS_server_method
+# define TLS_server_method SSLv23_server_method
+# endif
+# ifndef TLS_client_method
+# define TLS_client_method SSLv23_client_method
+# endif
#endif
if (server) {
#endif
if (server) {
@@
-203,7
+207,7
@@
static void ustream_ssl_error(struct ustream_ssl *us, int ret)
uloop_timeout_set(&us->error_timer, 0);
}
uloop_timeout_set(&us->error_timer, 0);
}
-#ifndef
WOLFSSL_OPENSSL_H_
+#ifndef
NO_X509_CHECK_HOST
static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
{
static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
{
@@
-212,10
+216,15
@@
static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
if (!us->peer_cn)
return false;
if (!us->peer_cn)
return false;
+# ifndef WOLFSSL_OPENSSL_H_
ret = X509_check_host(cert, us->peer_cn, 0, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, NULL);
ret = X509_check_host(cert, us->peer_cn, 0, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, NULL);
+# else
+ ret = wolfSSL_X509_check_host(cert, us->peer_cn, 0, 0, NULL);
+# endif
return ret == 1;
}
return ret == 1;
}
+#endif
static void ustream_ssl_verify_cert(struct ustream_ssl *us)
{
static void ustream_ssl_verify_cert(struct ustream_ssl *us)
{
@@
-235,26
+244,27
@@
static void ustream_ssl_verify_cert(struct ustream_ssl *us)
return;
us->valid_cert = true;
return;
us->valid_cert = true;
+#ifndef NO_X509_CHECK_HOST
us->valid_cn = ustream_ssl_verify_cn(us, cert);
us->valid_cn = ustream_ssl_verify_cn(us, cert);
+#endif
X509_free(cert);
}
X509_free(cert);
}
-#endif
__hidden enum ssl_conn_status __ustream_ssl_connect(struct ustream_ssl *us)
{
void *ssl = us->ssl;
int r;
__hidden enum ssl_conn_status __ustream_ssl_connect(struct ustream_ssl *us)
{
void *ssl = us->ssl;
int r;
+ ERR_clear_error();
+
if (us->server)
r = SSL_accept(ssl);
else
r = SSL_connect(ssl);
if (r == 1) {
if (us->server)
r = SSL_accept(ssl);
else
r = SSL_connect(ssl);
if (r == 1) {
-#ifndef WOLFSSL_OPENSSL_H_
ustream_ssl_verify_cert(us);
ustream_ssl_verify_cert(us);
-#endif
return U_SSL_OK;
}
return U_SSL_OK;
}
@@
-269,7
+279,11
@@
__hidden enum ssl_conn_status __ustream_ssl_connect(struct ustream_ssl *us)
__hidden int __ustream_ssl_write(struct ustream_ssl *us, const char *buf, int len)
{
void *ssl = us->ssl;
__hidden int __ustream_ssl_write(struct ustream_ssl *us, const char *buf, int len)
{
void *ssl = us->ssl;
- int ret = SSL_write(ssl, buf, len);
+ int ret;
+
+ ERR_clear_error();
+
+ ret = SSL_write(ssl, buf, len);
if (ret < 0) {
int err = SSL_get_error(ssl, ret);
if (ret < 0) {
int err = SSL_get_error(ssl, ret);
@@
-285,7
+299,11
@@
__hidden int __ustream_ssl_write(struct ustream_ssl *us, const char *buf, int le
__hidden int __ustream_ssl_read(struct ustream_ssl *us, char *buf, int len)
{
__hidden int __ustream_ssl_read(struct ustream_ssl *us, char *buf, int len)
{
- int ret = SSL_read(us->ssl, buf, len);
+ int ret;
+
+ ERR_clear_error();
+
+ ret = SSL_read(us->ssl, buf, len);
if (ret < 0) {
ret = SSL_get_error(us->ssl, ret);
if (ret < 0) {
ret = SSL_get_error(us->ssl, ret);