Fossil

Check-in [b890451c]
Login

Check-in [b890451c]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Preliminary workaround for Windows-specific SSL_read() behavior described in forum post 2f818850abb72719. Patch tested by Florian (Windows) and myself (Linux).
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: b890451cfbf892e11fd94127c25873b966b16e9f69e3751373a4567df9eba734
User & Date: stephan 2022-01-24 08:23:16
References
2022-01-26
07:41
Alternative to [b890451cfb], [b70557f690] and [acffc8f785] to fix the SSL_read() loops on Windows. Pending tests on non-Windows platforms. ... (Closed-Leaf check-in: 95256636 user: florian tags: ssl-read-loops)
Context
2022-01-24
08:27
Simplified version of the previous patch which also catches SSL_read() errors on Windows. ... (check-in: b70557f6 user: stephan tags: trunk)
08:23
Preliminary workaround for Windows-specific SSL_read() behavior described in forum post 2f818850abb72719. Patch tested by Florian (Windows) and myself (Linux). ... (check-in: b890451c user: stephan tags: trunk)
06:54
Replaced the "manual" TLS EOF tracking with BIO_eof(), analog to how is done in althttpd. ... (check-in: 06e300e5 user: stephan tags: trunk)
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/http_ssl.c. 

811
812
813
814
815
816
817
818
819
820
821
822
823
824








825
826
827
828
829
830
831
832
833

834
835
836
837
838
839
840

}

/*
** Read cleartext bytes that have been received from the client and
** decrypted by the SSL server codec.
*/
size_t ssl_read_server(void *pServerArg, char *zBuf, size_t nBuf){
  int n, err = 0;
  size_t rc = 0;
  SslServerConn *pServer = (SslServerConn*)pServerArg;
  if( nBuf>0x7fffffff ){ fossil_fatal("SSL read too big"); }
  else if( BIO_eof(pServer->bio) ) return 0;
  while( 0==err && nBuf!=rc ){
    n = SSL_read(pServer->ssl, zBuf + rc, (int)(nBuf - rc));








    if( n==0 ){
      break;
    }
    err = SSL_get_error(pServer->ssl, n);
    if(0==err){
      rc += n;
    }else{
      fossil_fatal("SSL read error.");
    }

  }
  return rc;
}

/*
** Read a single line of text from the client.
*/








|




|

>
>
>
>
>
>
>
>


<
<
|




>








811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834


835
836
837
838
839
840
841
842
843
844
845
846
847

}

/*
** Read cleartext bytes that have been received from the client and
** decrypted by the SSL server codec.
*/
size_t ssl_read_server(void *pServerArg, char *zBuf, size_t nBuf){
  int n;
  size_t rc = 0;
  SslServerConn *pServer = (SslServerConn*)pServerArg;
  if( nBuf>0x7fffffff ){ fossil_fatal("SSL read too big"); }
  else if( BIO_eof(pServer->bio) ) return 0;
  while( nBuf!=rc ){
    n = SSL_read(pServer->ssl, zBuf + rc, (int)(nBuf - rc));
#ifdef _WIN32
    /* Windows (XP and 10 tested with openssl 1.1.1m and 3.0.1) does
    ** not require reading in a loop, returning all data in a single
    ** call. If we read in a loop on Windows, SSL reads fail. Details:
    ** https://fossil-scm.org/forum/forumpost/2f818850abb72719 */
    rc += n;
    break;
#else
    if( n==0 ){
      break;


    }else if(n>0){
      rc += n;
    }else{
      fossil_fatal("SSL read error.");
    }
#endif
  }
  return rc;
}

/*
** Read a single line of text from the client.
*/