Commit b31b04d9 authored by Bodo Möller

Make SSL library a little more fool-proof by not requiring any longer

that SSL_set_{accept,connect}_state be called before
SSL_{accept,connect} may be used.
Submitted by:
Reviewed by:
PR:
parent 10243d97
+7 −0
@@ -5,6 +5,13 @@

 Changes between 0.9.2b and 0.9.3

  *) Make SSL library a little more fool-proof by not requiring any longer
     that SSL_set_{accept,connect}_state be called before
     SSL_{accept,connect} may be used (SSL_set_..._state is omitted
     in many applications because usually everything *appeared* to work as
     intended anyway -- now it really works as intended).
     [Bodo Moeller]

  *) Move openssl.cnf out of lib/.
     [Ulf Möller]

+9 −0
@@ -514,6 +514,12 @@ struct ssl_st
	int in_handshake;
	int (*handshake_func)();

	/* Imagine that here's a boolean member "init"
	 * that is switched as soon as handshake_func becomes
	 * != 0 for the first time (which is why we don't actually
	 * need it).
	 */

	int server;	/* are we the server side? - mostly used by SSL_clear*/

	int new_session;/* 1 if we are to use a new session */
@@ -1191,6 +1197,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
#define SSL_F_SSL_INIT_WBIO_BUFFER			 184
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185
#define SSL_F_SSL_NEW					 186
#define SSL_F_SSL_READ					 223
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 187
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 188
#define SSL_F_SSL_SESSION_NEW				 189
@@ -1202,6 +1209,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
#define SSL_F_SSL_SET_SESSION				 195
#define SSL_F_SSL_SET_SESSION_ID_CONTEXT		 218
#define SSL_F_SSL_SET_WFD				 196
#define SSL_F_SSL_SHUTDOWN				 224
#define SSL_F_SSL_UNDEFINED_FUNCTION			 197
#define SSL_F_SSL_USE_CERTIFICATE			 198
#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 199
@@ -1394,6 +1402,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 243
#define SSL_R_UNEXPECTED_MESSAGE			 244
#define SSL_R_UNEXPECTED_RECORD				 245
#define SSL_R_UNITIALIZED				 275
#define SSL_R_UNKNOWN_ALERT_TYPE			 246
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 247
#define SSL_R_UNKNOWN_CIPHER_RETURNED			 248
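Review bot: The reason code added in the last hunk of this section is spelled `SSL_R_UNITIALIZED`, and since it is a public macro the misspelling becomes part of the API that callers match on. The same spelling appears in the reason-string table entry (`"unitialized"`) and in the `SSLerr(...)` calls added to `SSL_read`, `SSL_write` and `SSL_shutdown`. Correcting it before release is cheap: `#define SSL_R_UNINITIALIZED 275` with the string `"uninitialized"`, updating the three call sites to match.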
+3 −0
@@ -160,6 +160,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0),	"SSL_INIT_WBIO_BUFFER"},
{ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0),	"SSL_load_client_CA_file"},
{ERR_PACK(0,SSL_F_SSL_NEW,0),	"SSL_new"},
{ERR_PACK(0,SSL_F_SSL_READ,0),	"SSL_read"},
{ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0),	"SSL_RSA_PRIVATE_DECRYPT"},
{ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0),	"SSL_RSA_PUBLIC_ENCRYPT"},
{ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0),	"SSL_SESSION_new"},
@@ -171,6 +172,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_PACK(0,SSL_F_SSL_SET_SESSION,0),	"SSL_set_session"},
{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0),	"SSL_set_session_id_context"},
{ERR_PACK(0,SSL_F_SSL_SET_WFD,0),	"SSL_set_wfd"},
{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0),	"SSL_shutdown"},
{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0),	"SSL_UNDEFINED_FUNCTION"},
{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0),	"SSL_use_certificate"},
{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0),	"SSL_use_certificate_ASN1"},
@@ -366,6 +368,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"},
{SSL_R_UNEXPECTED_MESSAGE                ,"unexpected message"},
{SSL_R_UNEXPECTED_RECORD                 ,"unexpected record"},
{SSL_R_UNITIALIZED                       ,"unitialized"},
{SSL_R_UNKNOWN_ALERT_TYPE                ,"unknown alert type"},
{SSL_R_UNKNOWN_CERTIFICATE_TYPE          ,"unknown certificate type"},
{SSL_R_UNKNOWN_CIPHER_RETURNED           ,"unknown cipher returned"},
+26 −0
@@ -592,11 +592,19 @@ int SSL_check_private_key(SSL *ssl)

int SSL_accept(SSL *s)
	{
	if (s->handshake_func == 0)
		/* Not properly initialized yet */
		SSL_set_accept_state(s);

	return(s->method->ssl_accept(s));
	}

int SSL_connect(SSL *s)
	{
	if (s->handshake_func == 0)
		/* Not properly initialized yet */
		SSL_set_connect_state(s);

	return(s->method->ssl_connect(s));
	}

@@ -607,6 +615,12 @@ long SSL_get_default_timeout(SSL *s)

int SSL_read(SSL *s,char *buf,int num)
	{
	if (s->handshake_func == 0)
		{
		SSLerr(SSL_F_SSL_READ, SSL_R_UNITIALIZED);
		return -1;
		}

	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
		{
		s->rwstate=SSL_NOTHING;
@@ -626,6 +640,12 @@ int SSL_peek(SSL *s,char *buf,int num)

int SSL_write(SSL *s,const char *buf,int num)
	{
	if (s->handshake_func == 0)
		{
		SSLerr(SSL_F_SSL_WRITE, SSL_R_UNITIALIZED);
		return -1;
		}

	if (s->shutdown & SSL_SENT_SHUTDOWN)
		{
		s->rwstate=SSL_NOTHING;
@@ -637,6 +657,12 @@ int SSL_write(SSL *s,const char *buf,int num)

int SSL_shutdown(SSL *s)
	{
	if (s->handshake_func == 0)
		{
		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNITIALIZED);
		return -1;
		}

	if ((s != NULL) && !SSL_in_init(s))
		return(s->method->ssl_shutdown(s));
	else
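Review bot: In `SSL_shutdown` the added guard reads `s->handshake_func` before the existing `(s != NULL)` test that follows it, so a NULL `s` is now dereferenced and the later NULL check no longer protects anything. Fold the NULL test into the new guard, `if ((s != NULL) && (s->handshake_func == 0))`, or remove the stale check if NULL was never meant to be accepted. The hunk header for the `SSL_write` change also shows `SSL_peek` sitting between `SSL_read` and `SSL_write`, and it gets no guard in the visible changes; if it reaches the same handshake path it presumably needs the same `handshake_func == 0` check. The body of `SSL_shutdown` continues past the end of the hunk.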