mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
openssl: handle negotiation errors handling in client
If a client connects to an SSL server and the server sends a handshake alert (e.g. no matching ciphers) SSL_connect() fails, but because the SSL_ERROR_SSL return value is not handled, it's not considered a failure. SSL_want_read() will return 1 and the client will happily wait for more data from the server.

Now if the server closes the connection after sending the handshake alert, a POLLIN event will be triggered and lws_tls_client_connect() called again, but SSL_connect() will fail without calling read(), so the client will end up consuming 100% CPU because POLLIN will be triggered repeatedly.

Similar error handling is used in lws_tls_server_accept() and the condition checks for SSL_ERROR_SSL. Using the same condition in lws_tls_client_connect() fixes the problem.

Tested with OpenSSL 1.0.2k.
This commit is contained in:
parent
9f9dba9f20
commit
fd70c1ac81
1 changed files with 1 additions and 1 deletions
|
@ -309,7 +309,7 @@ lws_tls_client_connect(struct lws *wsi)
|
|||
|
||||
m = lws_ssl_get_error(wsi, n);
|
||||
|
||||
if (m == SSL_ERROR_SYSCALL)
|
||||
if (m == SSL_ERROR_SYSCALL || m == SSL_ERROR_SSL)
|
||||
return LWS_SSL_CAPABLE_ERROR;
|
||||
|
||||
if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->tls.ssl))
|
||||
|
|
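Review bot: The widened test in lws_tls_client_connect() still enumerates fatal codes one by one, so any other non-retry value of m falls through to the unchanged line `if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->tls.ssl))`, where the SSL_want_read() fallback is consulted regardless of m and can leave the client waiting for data that never arrives, which is the busy loop the commit message describes. Consider inverting the logic so that only SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE are treated as retryable and every other result returns LWS_SSL_CAPABLE_ERROR. It would also help to log the failure reason before the return, since in the visible lines a handshake alert such as a cipher mismatch reaches the caller only as a generic error and is hard to distinguish from a socket failure when triaging.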