[
https://issues.apache.org/jira/browse/SERF-198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17559659#comment-17559659
]
Evgeny Kotkov edited comment on SERF-198 at 5/25/23 9:43 AM:
-------------------------------------------------------------
On trunk, this issue has been fixed in
[r1902304|https://svn.apache.org/r1902304]. This change was backported to the
1.3.x branch as a part of the r1902208 group.
was (Author: kotkov):
For serf trunk, an updated and slightly extended patch was committed in
https://svn.apache.org/r1902304
> OpenSSL BIO control method incorrectly handles unknown requests
> ---------------------------------------------------------------
>
> Key: SERF-198
> URL: https://issues.apache.org/jira/browse/SERF-198
> Project: serf
> Issue Type: Bug
> Affects Versions: serf-1.3.9, serf-trunk
> Environment: FreeBSD 14 with KTLS-enabled OpenSSL and the base system
> svnlite using a bundled serf. Has also been observed with subversion + serf
> built from FreeBSD ports.
> Reporter: John Baldwin
> Priority: Major
> Attachments: serf.patch
>
>
> According to the BIO_ctrl(3) manpage from OpenSSL, control methods in custom
> BIO classes should return 0 for unknown control requests:
> {quote}Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl()
> operation.
> {quote}
> ssl_buckets.c includes two custom BIO classes, both of which are sink BIOs,
> but the custom control method returns 1 instead of 0 for unknown operations.
> This causes breakage with newer versions of OpenSSL. In particular, in
> OpenSSL versions supporting KTLS, this causes OpenSSL to believe that the
> custom BIOs support KTLS and thus handle TLS header insertion and
> encryption/decryption in the BIO layer, breaking the use of HTTPS. This was
> observed in FreeBSD when FreeBSD integrated KTLS support into OpenSSL:
> [253135|https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135]
> The patch below changes the default value of the control methods to 0, which
> fixes the KTLS case.
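The failure mode in the issue description above, as an added model that is not serf's or OpenSSL's code: a control method whose default answer is 1 claims every capability it has never heard of, including a KTLS query, while a default of 0 does not. The request codes, function names and the caller are assumptions made for this illustration and do not match OpenSSL's real BIO_CTRL_* values.

```c
#include <stdio.h>

/* Stand-in request codes for this model, NOT OpenSSL's real BIO_CTRL_* values. */
enum { REQ_FLUSH = 1, REQ_GET_KTLS_SEND = 2, REQ_GET_KTLS_RECV = 3, REQ_FUTURE = 99 };

typedef long (*ctrl_fn)(int cmd);

/* Shape described in the report: unrecognized requests fall through to 1. */
static long ctrl_default_one(int cmd)
{
    long ret = 1;
    switch (cmd) {
    case REQ_FLUSH: break;      /* recognized; nothing to do */
    default:        break;      /* unknown, yet still answers 1 */
    }
    return ret;
}

/* Shape after the fix: unrecognized requests answer 0, as BIO_ctrl(3) asks. */
static long ctrl_default_zero(int cmd)
{
    return cmd == REQ_FLUSH ? 1 : 0;
}

/* Hypothetical caller: a nonzero answer to the KTLS query means "the sink
 * frames and encrypts records", so the library would skip doing it itself. */
static int library_does_tls_itself(ctrl_fn ctrl)
{
    return ctrl(REQ_GET_KTLS_SEND) == 0 && ctrl(REQ_GET_KTLS_RECV) == 0;
}

/* Regression check: count unimplemented requests the handler claims to support. */
static int false_claims(ctrl_fn ctrl)
{
    static const int unknown[] = { REQ_GET_KTLS_SEND, REQ_GET_KTLS_RECV, REQ_FUTURE };
    int n = 0;
    for (size_t i = 0; i < sizeof unknown / sizeof unknown[0]; i++)
        if (ctrl(unknown[i]) != 0)
            n++;
    return n;
}

int main(void)
{
    printf("default 1: library does TLS itself=%d, false claims=%d\n",
           library_does_tls_itself(ctrl_default_one), false_claims(ctrl_default_one));
    printf("default 0: library does TLS itself=%d, false claims=%d\n",
           library_does_tls_itself(ctrl_default_zero), false_claims(ctrl_default_zero));
    return 0;
}
```

A check like `false_claims` can be kept as a unit test for any custom control method so that a request code introduced by a later library version is answered with 0 until the handler really implements it.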