CVSROOT:        /cvs
Module name:    src
Changes by:     js...@cvs.openbsd.org   2020/11/03 10:41:39

Modified files:
        lib/libssl     : tls13_legacy.c 

Log message:
Only check BIO_should_read() on read and BIO_should_write() on write.

The TLSv1.3 code that drives a BIO currently checks BIO_should_read()
after BIO_write() and BIO_should_write() after BIO_read(), which was
modelled on SSL_get_error(). However, there are certain cases where
this can confuse the caller - primarily where the same BIO is being
used for both read and write and the caller is manipulating the retry
flags. SSL_get_error() tends to avoid this issue by relying on another
layer of state tracking.

Unfortunately haproxy hits this situation - it has its own BIO_METHOD,
the same BIO is used for both read and write and it manipulates the
retry flags - resulting in it stalling.

Issue noted by Thorsten Lockert <th...@tzecmaun.org>

ok beck@ tb@
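
The stall described in the log message, as an added example that is not part of the commit and is not libssl code: a toy model in which one retry-flags word is shared by read and write. All names (`toy_bio`, `wire_write_old`, `wire_write_new`, `blocked_write`) and the order of the two checks in the old path are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy model, NOT libssl code: one retry-flags word shared by both
 * directions, as when a single BIO serves as rbio and wbio. */
enum { RETRY_READ = 1, RETRY_WRITE = 2 };
enum io_want { IO_OK, WANT_POLLIN, WANT_POLLOUT, IO_FAILURE };

struct toy_bio { int flags; int writable; };

/* Hypothetical custom write callback: sets the write retry flag on a
 * would-block but leaves a read flag set earlier by the caller alone. */
static int toy_write(struct toy_bio *b, size_t len) {
    if (!b->writable) { b->flags |= RETRY_WRITE; return -1; }
    b->flags &= ~RETRY_WRITE;
    return (int)len;
}

/* Before: a failed write consults both flags (read first: assumed order). */
static enum io_want wire_write_old(struct toy_bio *b, size_t len) {
    if (toy_write(b, len) > 0) return IO_OK;
    if (b->flags & RETRY_READ) return WANT_POLLIN;
    if (b->flags & RETRY_WRITE) return WANT_POLLOUT;
    return IO_FAILURE;
}

/* After: a failed write consults only the write flag. */
static enum io_want wire_write_new(struct toy_bio *b, size_t len) {
    if (toy_write(b, len) > 0) return IO_OK;
    if (b->flags & RETRY_WRITE) return WANT_POLLOUT;
    return IO_FAILURE;
}

/* Constructed scenario: stale read-retry flag, send buffer full. */
static enum io_want blocked_write(enum io_want (*wr)(struct toy_bio *, size_t)) {
    struct toy_bio b = { RETRY_READ, 0 };
    return wr(&b, 16);
}

int main(void) {
    /* old waits for readability that may never come; new waits for POLLOUT */
    printf("old=%d new=%d\n", blocked_write(wire_write_old),
           blocked_write(wire_write_new));
    return 0;
}
```

With the stale read flag present, the old path reports that the caller should poll for input even though the write is what blocked, which is the kind of mismatch that leaves an event loop waiting on the wrong direction.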
