Remove a call to SSL_set_state from s_server

s_server was (ab)using SSL_set_state to force a renegotiation. This is a bad way to do things and does not work with the new state machine code, so we need to do it a different way. Reviewed-by: N Tim Hudson <tjh@openssl.org> Reviewed-by: N Richard Levitte <levitte@openssl.org>

Remove a call to SSL_set_state from s_server
s_server was (ab)using SSL_set_state to force a renegotiation. This is a bad way to do things and does not work with the new state machine code, so we need to do it a different way. Reviewed-by: N Tim Hudson <tjh@openssl.org> Reviewed-by: N Richard Levitte <levitte@openssl.org>
075c8795 · Matt Caswell · e0a51488 · 075c8795
隐藏空白更改
内联并排

Showing with 19 addition and 7 deletion

apps/s_server.c apps/s_server.c +19 -7

未找到文件。
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2567,6 +2567,11 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
 #ifdef RENEG
    int total_bytes = 0;
 #endif
+    int width;
+    fd_set readfds;
+
+    /* Set width for a select call if needed */
+    width = s + 1;

    buf = app_malloc(bufsize, "server www buffer");
    io = BIO_new(BIO_f_buffer());
@@ -2684,6 +2689,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
                                   NULL);
                i = SSL_renegotiate(con);
                BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n", i);
+                /* Send the HelloRequest */
                i = SSL_do_handshake(con);
                if (i <= 0) {
                    BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n",
@@ -2691,16 +2697,22 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
                    ERR_print_errors(bio_err);
                    goto err;
                }
-                /* EVIL HACK! */
-                SSL_set_state(con, SSL_ST_ACCEPT);
-                i = SSL_do_handshake(con);
-                BIO_printf(bio_s_out, "SSL_do_handshake -> %d\n", i);
-                if (i <= 0) {
-                    BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n",
-                               SSL_get_error(con, i));
+                /* Wait for a ClientHello to come back */
+                FD_ZERO(&readfds);
+                openssl_fdset(s, &readfds);
+                i = select(width, (void *)&readfds, NULL, NULL, NULL);
+                if (i <= 0 || !FD_ISSET(s, &readfds)) {
+                    BIO_printf(bio_s_out, "Error waiting for client response\n");
                    ERR_print_errors(bio_err);
                    goto err;
                }
+                /*
+                 * We're not acutally expecting any data here and we ignore
+                 * any that is sent. This is just to force the handshake that
+                 * we're expecting to come from the client. If they haven't
+                 * sent one there's not much we can do.
+                 */
+                BIO_gets(io, buf, bufsize - 1);
            }

            BIO_puts(io,