Comments on SSL_peek deficiencies

24b44446 · Bodo Möller · 87739b2c · 24b44446 · 24b44446 · 24b44446
隐藏空白更改
内联并排

Showing with 12 addition and 2 deletion

ssl/s2_lib.c ssl/s2_lib.c +3 -0

ssl/s3_lib.c ssl/s3_lib.c +2 -2

ssl/ssl_lib.c ssl/ssl_lib.c +7 -0

未找到文件。
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -260,6 +260,9 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u)
 int ssl2_pending(SSL *s)
 	{
+	/* Unlike ssl2_pending, this one probably works (if read-ahead
+	 * is disabled), but it should be examined
+	 * XXX */
 	return(s->s2->ract_data_length);
 	}

--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -638,10 +638,10 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u)
 		return(NULL);
 	}
-/* The problem is that it may not be the correct record type */
 int ssl3_pending(SSL *s)
 	{
-	return(s->s3->rrec.length);
+	/* The problem is that it may not be the correct record type */
+	return(s->s3->rrec.length); /* FIXME */
 	}
 int ssl3_new(SSL *s)

--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -576,6 +576,13 @@ int SSL_get_read_ahead(SSL *s)
 int SSL_pending(SSL *s)
 	{
+	/* SSL_pending cannot work properly if read-ahead is enabled
+	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
+	 * and it is impossible to fix since SSL_pending cannot report
+	 * errors that may be observed while scanning the new data.
+	 * (Note that SSL_pending() is often used as a boolean value,
+	 * so we'd better not return -1.)
+	 */
 	return(s->method->ssl_pending(s));
 	}