Support for OpenSSL 1.1.0:
- use SSL_peek instead of looping with has_buffered_data(). This fixes t/security/CVE-2009-3555.t where has_buffered_data() doesn't help, because it finds the buffered data and doesn't call SSL_read(), so the reneg handshake isn't triggered. SSL_peek() for 0 bytes seems to reliably trigger the reneg in every case. No more polling/sleeping. The code for the OpenSSL 1.1.0 case is now again very close to the pre 1.1.0 case. Still need to run the full test suite with a clean build. Backport of r1730316 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755838 13f79535-47bb-0310-9956-ffa450edef68
parent
a9509688
Please register or sign in to comment