QUIC_CONNECTION *qc;
};
+static int tls_wants_non_io_retry(QUIC_CONNECTION *qc)
+{
+ int want = SSL_want(qc->tls);
+
+ if (want == SSL_X509_LOOKUP
+ || want == SSL_CLIENT_HELLO_CB
+ || want == SSL_RETRY_VERIFY)
+ return 1;
+
+ return 0;
+}
+
static int quic_handshake_wait(void *arg)
{
struct quic_handshake_wait_args *args = arg;
if (ossl_quic_channel_is_handshake_complete(args->qc->ch))
return 1;
+ if (tls_wants_non_io_retry(args->qc))
+ return 1;
+
return 0;
}
return -1; /* Non-protocol error */
}
+ if (tls_wants_non_io_retry(qc)) {
+ QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
+ return -1;
+ }
+
assert(ossl_quic_channel_is_handshake_complete(qc->ch));
return 1;
}
+ if (tls_wants_non_io_retry(qc)) {
+ QUIC_RAISE_NORMAL_ERROR(ctx, SSL_get_error(qc->tls, 0));
+ return -1;
+ }
+
/*
* Otherwise, indicate that the handshake isn't done yet.
* We can only get here in non-blocking mode.
case SSL_ERROR_WANT_WRITE:
return SSL_WRITING;
+ case SSL_ERROR_WANT_RETRY_VERIFY:
+ return SSL_RETRY_VERIFY;
+
case SSL_ERROR_WANT_CLIENT_HELLO_CB:
return SSL_CLIENT_HELLO_CB;
switch (err) {
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_CLIENT_HELLO_CB:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ case SSL_ERROR_WANT_RETRY_VERIFY:
ERR_pop_to_mark();
return 1;