return NULL;
}
+int SSL_is_dtls(const SSL *s)
+{
+ return SSL_IS_DTLS(s) ? 1 : 0;
+}
+
int SSL_up_ref(SSL *s)
{
int i;
r.session_id_length = id_len;
memcpy(r.session_id, id, id_len);
- CRYPTO_THREAD_read_lock(ssl->ctx->lock);
- p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
- CRYPTO_THREAD_unlock(ssl->ctx->lock);
+ CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
+ p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
+ CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
return (p != NULL);
}
BIO_free(s->bbio);
s->bbio = NULL;
}
- BIO_free_all(s->rbio);
if (s->wbio != s->rbio)
BIO_free_all(s->wbio);
+ BIO_free_all(s->rbio);
BUF_MEM_free(s->init_buf);
#endif
}
-int ssl_init_wbio_buffer(SSL *s, int push)
+int ssl_init_wbio_buffer(SSL *s)
{
BIO *bbio;
if (s->bbio == NULL) {
bbio = BIO_new(BIO_f_buffer());
if (bbio == NULL)
- return (0);
+ return 0;
s->bbio = bbio;
+ s->wbio = BIO_push(bbio, s->wbio);
} else {
bbio = s->bbio;
- if (s->bbio == s->wbio)
- s->wbio = BIO_pop(s->wbio);
+ (void)BIO_reset(bbio);
}
- (void)BIO_reset(bbio);
-/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
+
if (!BIO_set_read_buffer_size(bbio, 1)) {
SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
- return (0);
- }
- if (push) {
- if (s->wbio != bbio)
- s->wbio = BIO_push(bbio, s->wbio);
- } else {
- if (s->wbio == bbio)
- s->wbio = BIO_pop(bbio);
+ return 0;
}
- return (1);
+
+ return 1;
}
void ssl_free_wbio_buffer(SSL *s)
err:
if (sct != NULL)
sk_SCT_push(src, sct); /* Put the SCT back */
- return scts_moved;
+ return -1;
}
/*
end:
CT_POLICY_EVAL_CTX_free(ctx);
+ /*
+ * With SSL_VERIFY_NONE the session may be cached and re-used despite a
+ * failure return code here. Also the application may wish the complete
+ * the handshake, and then disconnect cleanly at a higher layer, after
+ * checking the verification status of the completed connection.
+ *
+ * We therefore force a certificate verification failure which will be
+ * visible via SSL_get_verify_result() and cached as part of any resumed
+ * session.
+ *
+ * Note: the permissive callback is for information gathering only, always
+ * returns success, and does not affect verification status. Only the
+ * strict callback or a custom application-specified callback can trigger
+ * connection failure or record a verification error.
+ */
+ if (ret <= 0)
+ s->verify_result = X509_V_ERR_NO_VALID_SCTS;
return ret;
}