From abfc13cfed4534279d5ba7abcce80ceea26a7cc0 Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Sun, 28 Nov 2021 13:05:55 +0100
Subject: socket.c: SSL_CTX_set_mode(SSL_MODE_AUTO_RETRY)

This is the proper fix for wolfSSL 5.0 and OpenSSL before 1.1.1 to avoid the "SSL_peek()" not truly blocking issue. Only OpenSSL 1.1.1 enables this mode by default, so make this explicit.
---
 socket.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/socket.c b/socket.c
index bb3c1f16..8ac0ae79 100644
--- a/socket.c
+++ b/socket.c
@@ -1162,7 +1162,9 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
 }

- SSL_CTX_set_options(_ctx[sock], sslopts | avoid_ssl_versions);
+ (void)SSL_CTX_set_options(_ctx[sock], sslopts | avoid_ssl_versions);
+
+ (void)SSL_CTX_set_mode(_ctx[sock], SSL_MODE_AUTO_RETRY);

 if (certck) {
 SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
--
cgit v1.2.3
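Review bot: The added `SSL_CTX_set_mode(_ctx[sock], SSL_MODE_AUTO_RETRY)` call has no comment, so the reason for it exists only in the commit message and will be lost to anyone reading socket.c. I would put `/* make blocking SSL_peek()/SSL_read() truly block; only OpenSSL 1.1.1 enables SSL_MODE_AUTO_RETRY by default (needed for wolfSSL 5.0 and older OpenSSL) */` directly above it. The two `(void)` casts discard the bitmasks these calls return, so nothing here confirms that the protocol-disabling bits in `avoid_ssl_versions` took effect; a one-line comment saying the result is deliberately ignored would make that choice explicit. The call is also unconditional, so if the build is meant to support a TLS library whose headers lack `SSL_MODE_AUTO_RETRY`, a compile-time guard may be needed; that cannot be judged from this hunk. SSLOpen's body starts and ends outside the hunk.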