[ 
https://issues.apache.org/jira/browse/SERF-198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Evgeny Kotkov resolved SERF-198.
--------------------------------
    Fix Version/s: serf-1.3.10
       Resolution: Fixed

> OpenSSL BIO control method incorrectly handles unknown requests
> ---------------------------------------------------------------
>
>                 Key: SERF-198
>                 URL: https://issues.apache.org/jira/browse/SERF-198
>             Project: serf
>          Issue Type: Bug
>    Affects Versions: serf-1.3.9, serf-trunk
>         Environment: FreeBSD 14 with KTLS-enabled OpenSSL and the base system 
> svnlite using a bundled serf.  Has also been observed with subversion + serf 
> built from FreeBSD ports.
>            Reporter: John Baldwin
>            Priority: Major
>             Fix For: serf-1.3.10
>
>         Attachments: serf.patch
>
>
> According to the BIO_ctrl(3) manpage from OpenSSL, control methods in custom 
> BIO classes should return 0 for unknown control requests:
> {quote}Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl() 
> operation.
> {quote}
> ssl_buckets.c includes two custom BIO classes, both of which are sink BIOs, 
> but the custom control method returns 1 instead of 0 for unknown operations.  
> This causes breakage with newer versions of OpenSSL.  In particular, in 
> OpenSSL versions supporting KTLS, this causes OpenSSL to believe that the 
> custom BIOs support KTLS and thus handle TLS header insertion and 
> encryption/decryption in the BIO layer, breaking the use of HTTPS.  This was 
> observed in FreeBSD when FreeBSD integrated KTLS support into OpenSSL:
> [253135|https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135]
> The patch below changes the default value of the control methods to 0, which 
> fixes the KTLS case.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
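
Added example, not part of the Jira message and not serf's or OpenSSL's code: a self-contained C model of the failure the report describes, where a control method that defaults to 1 answers a capability query it does not implement, plus a small audit check for that pattern. The request codes, function names and the caller-side probe are constructed for illustration and are assumptions, not identifiers from OpenSSL or serf.

```c
#include <stdio.h>

/* Constructed request codes for this model; not values from OpenSSL's headers. */
enum { CTRL_FLUSH = 1, CTRL_GET_KTLS_SEND = 2, CTRL_MAX = 16 };

typedef long (*ctrl_fn)(int cmd);

/* Behaviour the report describes: unknown requests fall through and return 1. */
static long ctrl_default_one(int cmd)
{
    long ret = 1;
    switch (cmd) {
    case CTRL_FLUSH: break;            /* handled: nothing to flush */
    default:         break;            /* unknown: ret is still 1 */
    }
    return ret;
}

/* Behaviour after the fix: unknown requests return 0 ("not recognized"). */
static long ctrl_default_zero(int cmd)
{
    long ret = 0;
    switch (cmd) {
    case CTRL_FLUSH: ret = 1; break;   /* handled */
    default:         break;            /* unknown: ret is still 0 */
    }
    return ret;
}

/* Caller-side model (hypothetical): a nonzero answer to the KTLS query is read
 * as "the BIO layer frames and encrypts records", so the caller skips that work. */
static int library_skips_encryption(ctrl_fn ctrl)
{
    return ctrl(CTRL_GET_KTLS_SEND) != 0;
}

/* Audit check: count requests other than CTRL_FLUSH that the method answers
 * with nonzero even though it implements none of them. */
static int count_false_claims(ctrl_fn ctrl)
{
    int cmd, n = 0;
    for (cmd = 0; cmd <= CTRL_MAX; cmd++)
        if (cmd != CTRL_FLUSH && ctrl(cmd) != 0)
            n++;
    return n;
}

int main(void)
{
    printf("default 1: skips=%d false_claims=%d\n",
           library_skips_encryption(ctrl_default_one), count_false_claims(ctrl_default_one));
    printf("default 0: skips=%d false_claims=%d\n",
           library_skips_encryption(ctrl_default_zero), count_false_claims(ctrl_default_zero));
    return 0;
}
```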