From bcca842e0d2b2a70b776cf888572739bda11dac7 Mon Sep 17 00:00:00 2001 From: Michael Kaufmann Date: Sat, 28 Jan 2017 19:45:52 +0100 Subject: [PATCH] polarssl: fix hangs This bugfix is similar to commit c111178bd4. --- docs/KNOWN_BUGS | 22 ++++++---------------- lib/vtls/polarssl.c | 8 ++++++++ lib/vtls/polarssl.h | 3 ++- 3 files changed, 16 insertions(+), 17 deletions(-) diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index 80feba071..12eeedd02 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -24,10 +24,9 @@ problems may have been fixed or changed somewhat since this was written! 1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM 2. TLS - 2.1 Hangs with PolarSSL - 2.2 CURLINFO_SSL_VERIFYRESULT has limited support - 2.3 DER in keychain - 2.4 GnuTLS backend skips really long certificate fields + 2.1 CURLINFO_SSL_VERIFYRESULT has limited support + 2.2 DER in keychain + 2.3 GnuTLS backend skips really long certificate fields 3. Email protocols 3.1 IMAP SEARCH ALL truncated response @@ -207,26 +206,17 @@ problems may have been fixed or changed somewhat since this was written! 2. TLS -2.1 Hangs with PolarSSL - - "curl_easy_perform hangs with imap and PolarSSL" - https://github.com/curl/curl/issues/334 - - Most likely, a fix similar to commit c111178bd4 (for mbedTLS) is - necessary. Or if we just wait a little longer we'll rip out all support for - PolarSSL instead... - -2.2 CURLINFO_SSL_VERIFYRESULT has limited support +2.1 CURLINFO_SSL_VERIFYRESULT has limited support CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS backends, so relying on this information in a generic app is flaky. -2.3 DER in keychain +2.2 DER in keychain Curl doesn't recognize certificates in DER format in keychain, but it works with PEM. https://curl.haxx.se/bug/view.cgi?id=1065 -2.4 GnuTLS backend skips really long certificate fields +2.3 GnuTLS backend skips really long certificate fields libcurl calls gnutls_x509_crt_get_dn() with a fixed buffer size and if the field is too long in the cert, it'll just return an error and the field will diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c index 4bba3e3f2..1a9421d82 100644 --- a/lib/vtls/polarssl.c +++ b/lib/vtls/polarssl.c @@ -816,4 +816,12 @@ void Curl_polarssl_cleanup(void) (void)Curl_polarsslthreadlock_thread_cleanup(); } + +int Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex) +{ + ssl_context *ssl = + (ssl_context *)&conn->ssl[sockindex].ssl; + return ssl->in_msglen != 0; +} + #endif /* USE_POLARSSL */ diff --git a/lib/vtls/polarssl.h b/lib/vtls/polarssl.h index 7098b24a4..47af7b417 100644 --- a/lib/vtls/polarssl.h +++ b/lib/vtls/polarssl.h @@ -31,6 +31,7 @@ /* Called on first use PolarSSL, setup threading if supported */ int Curl_polarssl_init(void); void Curl_polarssl_cleanup(void); +int Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex); CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex); @@ -69,7 +70,7 @@ int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex); #define curlssl_engines_list(x) ((void)x, (struct curl_slist *)NULL) #define curlssl_version Curl_polarssl_version #define curlssl_check_cxn(x) ((void)x, -1) -#define curlssl_data_pending(x,y) ((void)x, (void)y, 0) +#define curlssl_data_pending(x,y) Curl_polarssl_data_pending(x, y) #define curlssl_sha256sum(a,b,c,d) sha256(a,b,c,0) /* This might cause libcurl to use a weeker random!