Bodo Moeller wrote:
> >>> I just realized I have to accept either SSLV2 or SSLV3 (or TLS)
> >>> connections, so I switched from SSLv3_server_method() to
> >>> SSLv23_server_method(). But oops, that doesn't support SSL_peek()!
> >>> What to do?
>
> >> Use SSL_accept first. It will change the SSL object's method
> >> during the handshake.
>
> > Like this? Or are there unpleasant consequences to this
> > (e.g. does SSL_accept block, or something silly like that)?
> > This does seem to work in my one little test.
>
> Why modify the library? Simply call SSL_accept() in the application.
To make SSL_peek() more analogous to SSL_read(). The doc for SSL_read()
states "If necessary, SSL_read() will negotiate a TLS/SSL session, if not
already explicitly performed by SSL_connect() or SSL_accept()."
If SSL_read() can do it, SSL_peek() should, too. And it does, except for
SSL23.
> (You are right that it is strange that the SSL23_methods support
> SSL_read but not SSL_peek, but this should be fixed in s23_lib.c
> and not in s23_srvr.c.)
Your wish is my command. How about this patch? It's not complete,
since it doesn't deal with client mode, but it does the server side nicely.
- Dan
diff -Naur openssl-0.9.6/ssl/s23_lib.c openssl/ssl/s23_lib.c
--- openssl-0.9.6/ssl/s23_lib.c Wed Mar 7 12:50:37 2001
+++ openssl/ssl/s23_lib.c Wed Mar 7 21:31:58 2001
@@ -195,6 +195,24 @@
}
}
+/* Only used until ssl23_accept finishes,
+ * at which point SSL_peek(s, ...) will resolve
+ * to either ssl2_peek or ssl3_peek.
+ */
+int ssl23_srvr_peek(SSL *s, char *buf, int len)
+ {
+ int ret;
+
+ /* can't call peek until accept decides whether it's v2 or v3 */
+ ret=ssl23_accept(s);
+ if (ret > 0)
+ {
+ /* don't know whether it's v2 or v3, so use the polymorphic call */
+ ret=SSL_peek(s, buf, len);
+ }
+ return(ret);
+ }
+
static int ssl23_write(SSL *s, const void *buf, int len)
{
int n;
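Review bot: the buffer parameter of the new `ssl23_srvr_peek(SSL *s, char *buf, int len)` is typed `char *`, while the neighbouring `ssl23_write(SSL *s, const void *buf, int len)` uses the `void` pointer form; the parameter type should match the `ssl_peek` member's prototype in SSL_METHOD, otherwise the assignment in s23_srvr.c produces an incompatible-pointer warning. The header comment could also state that a 0 or negative return from `ssl23_accept` is passed straight through, so a caller sees the handshake's failure or want-read state from SSL_peek() exactly as it would from SSL_read(), which is the parallel the cover note is after.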
diff -Naur openssl-0.9.6/ssl/s23_srvr.c openssl/ssl/s23_srvr.c
--- openssl-0.9.6/ssl/s23_srvr.c Wed Mar 7 09:58:57 2001
+++ openssl/ssl/s23_srvr.c Wed Mar 7 21:31:58 2001
@@ -90,6 +90,7 @@
(char *)sslv23_base_method(),sizeof(SSL_METHOD));
SSLv23_server_data.ssl_accept=ssl23_accept;
SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+ SSLv23_server_data.ssl_peek=ssl23_srvr_peek;
init=0;
}
return(&SSLv23_server_data);
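Review bot: only `SSLv23_server_data.ssl_peek` is replaced here; `SSLv23_client_data` keeps the base method's peek, so SSL_peek() before the handshake on an SSLv23_client_method() connection is unchanged, as the cover note acknowledges. A client-side counterpart that calls `ssl23_connect` and then re-dispatches through SSL_peek() would make the two halves symmetric and let the same pattern serve both methods.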
diff -Naur openssl-0.9.6/ssl/ssl_locl.h openssl/ssl/ssl_locl.h
--- openssl-0.9.6/ssl/ssl_locl.h Wed Mar 7 21:22:52 2001
+++ openssl/ssl/ssl_locl.h Wed Mar 7 21:31:58 2001
@@ -525,6 +525,7 @@
int ssl23_connect(SSL *s);
int ssl23_read_bytes(SSL *s, int n);
int ssl23_write_bytes(SSL *s);
+int ssl23_srvr_peek(SSL *s, char *buf, int len);
int tls1_new(SSL *s);
void tls1_free(SSL *s);
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
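The method switch Bodo describes ("It will change the SSL object's method during the handshake") and the wrapper in the patch can be modelled in a few lines of plain C. The block below is an added illustration, not OpenSSL code and not part of the thread: the `METHOD`/`CONN` types, `conn_peek`, `v23_accept`, `v23_srvr_peek`, `run_peek` and the two byte strings are all constructed for this example. The "before" method has no peek of its own and fails as the original poster saw; the "after" method completes the version sniff, swaps the method pointer and re-dispatches, which is the polymorphic call the patch comment refers to. The version sniff itself follows the real record layouts (an SSLv3/TLS record starts with handshake content type 0x16 and a 5-byte header; an SSLv2 record with the top bit set has a 2-byte header carrying a 15-bit length).

```c
/* Toy model of the SSLv23 method switch discussed in the thread.
 * Constructed for illustration; not OpenSSL code, all names invented. */
#include <stddef.h>
#include <string.h>

struct conn;
typedef struct method {
    const char *name;
    int (*ssl_accept)(struct conn *c);
    int (*ssl_peek)(struct conn *c, char *buf, int len);
} METHOD;

typedef struct conn {
    const METHOD *method;       /* replaced during the v23 handshake */
    const unsigned char *in;    /* constructed inbound bytes */
    int in_len;
    int handshake_done;
} CONN;

/* Shared peek: copy pending bytes without consuming them. */
static int copy_peek(CONN *c, char *buf, int len)
{
    int n = c->in_len < len ? c->in_len : len;
    memcpy(buf, c->in, (size_t)n);
    return n;
}

/* Once a version is chosen, accept only has to mark the handshake done. */
static int done_accept(CONN *c) { c->handshake_done = 1; return 1; }

static const METHOD v2_method = { "SSLv2", done_accept, copy_peek };
static const METHOD v3_method = { "SSLv3", done_accept, copy_peek };

/* SSLv23 accept: sniff the first bytes, consume the hello record and
 * switch the connection to the matching version-specific method. */
static int v23_accept(CONN *c)
{
    int hdr, body;
    if (c->in_len < 2) return 0;                 /* would be WANT_READ */
    if (c->in[0] == 0x16) {                      /* v3/TLS handshake record */
        if (c->in_len < 5) return 0;
        hdr = 5; body = (c->in[3] << 8) | c->in[4];
        c->method = &v3_method;
    } else if (c->in[0] & 0x80) {                /* v2 record, 2-byte header */
        hdr = 2; body = ((c->in[0] & 0x7f) << 8) | c->in[1];
        c->method = &v2_method;
    } else {
        return -1;                               /* unrecognised */
    }
    if (c->in_len < hdr + body) return 0;        /* record not yet complete */
    c->in += hdr + body; c->in_len -= hdr + body;
    c->handshake_done = 1;
    return 1;
}

/* Dispatcher standing in for SSL_peek(): calls through the method table. */
int conn_peek(CONN *c, char *buf, int len)
{
    if (c->method->ssl_peek == NULL) return -1;  /* "SSL_peek not supported" */
    return c->method->ssl_peek(c, buf, len);
}

/* Before the patch: the v23 method has no peek of its own. */
static const METHOD v23_before = { "SSLv23", v23_accept, NULL };

/* After the patch: a v23 peek that finishes the handshake and then
 * re-dispatches through the now-switched method pointer. */
static int v23_srvr_peek(CONN *c, char *buf, int len)
{
    int ret = v23_accept(c);
    if (ret > 0) ret = conn_peek(c, buf, len);
    return ret;
}
static const METHOD v23_after = { "SSLv23", v23_accept, v23_srvr_peek };

/* Run one peek from a given starting method; *chosen receives the name
 * of the method the connection ended up with. */
int run_peek(const METHOD *start, const unsigned char *in, int in_len,
             char *buf, int len, const char **chosen)
{
    CONN c = { start, in, in_len, 0 };
    int ret = conn_peek(&c, buf, len);
    if (chosen) *chosen = c.method->name;
    return ret;
}

/* Constructed inbound bytes: an empty v3 handshake record followed by
 * "hello"; a v2 record of body length 3 followed by "ok". */
const unsigned char hello_v3[] = { 0x16, 0x03, 0x00, 0x00, 0x00, 'h','e','l','l','o' };
const unsigned char hello_v2[] = { 0x80, 0x03, 0x01, 0x02, 0x03, 'o','k' };
```

With `v23_before` the peek fails immediately because the v23 table has no peek entry; with `v23_after` the same call sniffs the record, switches the connection to the v3 or v2 table and returns the pending application bytes, and a truncated record yields 0 so a non-blocking caller knows to wait for more input.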