git.ipfire.org Git - thirdparty/apache/httpd.git/commit
Support for OpenSSL 1.1.0:
author Rainer Jung <rjung@apache.org>
Sun, 14 Feb 2016 11:24:39 +0000 (11:24 +0000)
committer Rainer Jung <rjung@apache.org>
Sun, 14 Feb 2016 11:24:39 +0000 (11:24 +0000)
commit e2017967f973e0c418fb85488cd948c955a08d52
tree f44ec517871cdc469891a4e4762c8334361e340b
parent 434a3b97174fe13fc09e230ce4ddfceb75e6d20c
Support for OpenSSL 1.1.0:
- use SSL_peek instead of looping with
  has_buffered_data().

This fixes t/security/CVE-2009-3555.t where
has_buffered_data() doesn't help, because it
finds the buffered data and doesn't call
SSL_read(), so the reneg handshake isn't
triggered. SSL_peek() for 0 bytes seems to
reliably trigger the reneg in every case.

No more polling/sleeping. The code for the
OpenSSL 1.1.0 case is now again very close to
the pre 1.1.0 case.

Still need to run the full test suite with a
clean build.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1730316 13f79535-47bb-0310-9956-ffa450edef68
modules/ssl/ssl_engine_kernel.c
modules/ssl/ssl_private.h