CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2020/11/03 10:41:39
Modified files: lib/libssl : tls13_legacy.c Log message: Only check BIO_should_read() on read and BIO_should_write() on write. The TLSv1.3 code that drives a BIO currently checks BIO_should_read() after BIO_write() and BIO_should_write() after BIO_read(), which was modelled on SSL_get_error(). However, there are certain cases where this can confuse the caller - primarily where the same BIO is being used for both read and write and the caller is manipulating the retry flags. SSL_get_error() tends avoids this issue by relying on another layer of state tracking. Unfortunately haproxy hits this situation - it has its own BIO_METHOD, the same BIO is used for both read and write and it manipulates the retry flags - resulting in it stalling. Issued noted by Thorsten Lockert <th...@tzecmaun.org> ok beck@ tb@