| author | Matthias Andree <matthias.andree@gmx.de> | 2021-12-26 22:15:08 +0100 | 
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2021-12-26 22:17:43 +0100 | 
| commit | 6a5484e03e903d3e74d7b6ca8927d616548a6d8c | |
| tree | 1593eb8b86233342b6a04efaaccb9c6875a935b0 | |
| parent | 97e8bb794642b677aca867488950ef845bfbe02f | |
wolfSSL: work around SSL_peek() error on handshake
See https://github.com/wolfSSL/wolfssl/issues/4593
The earlier assumption that SSL_CTX_set_mode() worked was
untrue (wolfSSL 5.0.0 does not implement it), and masked
by the selection of servers used for testing.
Also, wolfSSL 5.0.0 does not implement SSL_CTX_set_mode(),
which went unnoticed because the interface does not support
returning errors (it returns the updated mode bitfield value).
| -rw-r--r-- | socket.c | 10 | 
1 files changed, 9 insertions, 1 deletions
| @@ -526,7 +526,15 @@ int SockRead(int sock, char *buf, int len)  			or did the connection blow up?  If we got an error  			then bail! */  			e = SSL_get_error(ssl, n); -			if (SSL_ERROR_NONE != e) { +			if (SSL_ERROR_NONE != e +#ifdef USING_WOLFSSL +			/* wolfSSL 5.0.0 may return SSL_ERROR_WANT_READ when  +			 * receiving HANDSHAKE instead of app data on SSL_peek +			 * https://github.com/wolfSSL/wolfssl/issues/4593 */ +					&& SSL_ERROR_WANT_READ != e +#endif +			   ) +			{  				ERR_print_errors_fp(stderr);  				return -1;  			} | 
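Review bot: In the `#ifdef USING_WOLFSSL` part of the `if (SSL_ERROR_NONE != e ...)` condition in SockRead(), every SSL_ERROR_WANT_READ is now let through, not only the handshake-during-SSL_peek case the comment describes, and the hunk does not show what the code after this block does with `n` in that situation. Please confirm that the fall-through path retries the peek, or at least does not treat `n` as a byte count, when `e` is SSL_ERROR_WANT_READ, and state that in the comment. The exemption is also keyed on USING_WOLFSSL alone while the comment names wolfSSL 5.0.0; a version guard, or a note to drop the workaround once the linked issue is resolved, would keep it from outliving the bug. As a style point, a preprocessor block in the middle of the condition is hard to read; a flag computed before the `if` would be clearer.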
