int al,i,j,n,ret;
SSL3_RECORD *rr;
void (*cb)()=NULL;
- BIO *bio;
if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
if (!ssl3_setup_buffers(s))
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
return(-1);
}
+
+ if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+ {
+ BIO *bio;
+ /* In the case where we try to read application data
+ * the first time, but we trigger an SSL handshake, we
+ * return -1 with the retry option set. I do this
+ * otherwise renegotiation can cause nasty problems
+ * in the blocking world */ /* ? */
+ s->rwstate=SSL_READING;
+ bio=SSL_get_rbio(s);
+ BIO_clear_retry_flags(bio);
+ BIO_set_retry_read(bio);
+ return(-1);
+ }
}
}
/* we either finished a handshake or ignored the request,
if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
{
+#if 0 /* worked only because C operator preferences are not as expected (and
+ * because this is not really needed for clients except for detecting
+ * protocol violations): */
s->state=SSL_ST_BEFORE|(s->server)
?SSL_ST_ACCEPT
:SSL_ST_CONNECT;
+#else
+ s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+#endif
s->new_session=1;
}
n=s->handshake_func(s);
return(-1);
}
- /* In the case where we try to read application data
- * the first time, but we trigger an SSL handshake, we
- * return -1 with the retry option set. I do this
- * otherwise renegotiation can cause nasty problems
- * in the non-blocking world */
-
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
+ if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+ {
+ BIO *bio;
+ /* In the case where we try to read application data
+ * the first time, but we trigger an SSL handshake, we
+ * return -1 with the retry option set. I do this
+ * otherwise renegotiation can cause nasty problems
+ * in the blocking world */ /* ? */
+ s->rwstate=SSL_READING;
+ bio=SSL_get_rbio(s);
+ BIO_clear_retry_flags(bio);
+ BIO_set_retry_read(bio);
+ return(-1);
+ }
+ goto start;
}
switch (rr->type)
* but have application data. If the library was
* running inside ssl3_read() (i.e. in_read_app_data
* is set) and it makes sense to read application data
- * at this point (session renegotation not yet started),
+ * at this point (session renegotiation not yet started),
* we will indulge it.
*/
if (s->s3->in_read_app_data &&
return(1);
}
-/* send s->init_buf in records of type 'type' */
-int ssl3_do_write(SSL *s, int type)
- {
- int ret;
-
- ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
- s->init_num);
- if (ret < 0) return(-1);
- if (type == SSL3_RT_HANDSHAKE)
- /* should not be done for 'Hello Request's, but in that case
- * we'll ignore the result anyway */
- ssl3_finish_mac(s,&s->init_buf->data[s->init_off],ret);
-
- if (ret == s->init_num)
- return(1);
- s->init_off+=ret;
- s->init_num-=ret;
- return(0);
- }
-
void ssl3_send_alert(SSL *s, int level, int desc)
{
/* Map tls/ssl alert value to correct one */
projects / openssl.git / blobdiff