From 6a5484e03e903d3e74d7b6ca8927d616548a6d8c Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sun, 26 Dec 2021 22:15:08 +0100 Subject: wolfSSL: work around SSL_peek() error on handshake See https://github.com/wolfSSL/wolfssl/issues/4593 The earlier assumption that SSL_CTX_set_mode() worked was untrue (wolfSSL 5.0.0 does not implement it), and masked by the selection of servers used for testing. Also, wolfSSL 5.0.0 does not implement SSL_CTX_set_mode(), which went unnoticed because the interface does not support returning errors (it returns the updated mode bitfield value). --- socket.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/socket.c b/socket.c index 637c3df3..d898fb53 100644 --- a/socket.c +++ b/socket.c @@ -526,7 +526,15 @@ int SockRead(int sock, char *buf, int len) or did the connection blow up? If we got an error then bail! */ e = SSL_get_error(ssl, n); - if (SSL_ERROR_NONE != e) { + if (SSL_ERROR_NONE != e +#ifdef USING_WOLFSSL + /* wolfSSL 5.0.0 may return SSL_ERROR_WANT_READ when + * receiving HANDSHAKE instead of app data on SSL_peek + * https://github.com/wolfSSL/wolfssl/issues/4593 */ + && SSL_ERROR_WANT_READ != e +#endif + ) + { ERR_print_errors_fp(stderr); return -1; } -- cgit v1.2.3
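Review bot: Under USING_WOLFSSL the widened condition lets every SSL_ERROR_WANT_READ through as "no error", not only the handshake-record case from wolfSSL issue 4593, so at this point a read that genuinely has nothing to deliver is no longer told apart from the library quirk. What SockRead does after falling through lies outside the hunk; if it goes on to read or loop, confirm that path is still bounded by the socket timeout, so a peer that keeps sending handshake records cannot keep it retrying indefinitely. Extending the comment would make that intent reviewable, e.g. `/* WANT_READ is treated as "no data yet" here; the read that follows must still fail or time out on a dead connection */`. The comment names only wolfSSL 5.0.0, so consider gating the workaround on the library version once a fixed release is known, so that it does not outlive the bug.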