commit | 05fe765ec39020f0ed41d451b82e287cb8be2e86 | [log] [tgz] |
---|---|---|
author | Evgeny Kotkov <kotkov@apache.org> | Tue Jun 28 09:36:08 2022 +0000 |
committer | Evgeny Kotkov <kotkov@apache.org> | Tue Jun 28 09:36:08 2022 +0000 |
tree | 436d19af0b015ed8b20d68893789545788012616 | |
parent | 14f824645ed88803edceefd91ba1c2859c58aac4 [diff] |
Fix the return value for unknown controls in the BIO control functions. According to the BIO_ctrl() manual page [1]: [[[ Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl() operation. ]]] OpenSSL 3.0 adds support for Kernel TLS and uses new controls to determine if KTLS is used for sending or receiving: 1) BIO_get_ktls_send() 2) BIO_get_ktls_recv() These controls return 1 if KTLS is used and 0 if not [2]. As a result, OpenSSL believed that serf BIOs support KTLS and thus handle TLS header insertion and encryption/decryption in the BIO layer, breaking the use of HTTPS. This bug was observed in FreeBSD [3]. [1] https://www.openssl.org/docs/manmaster/man3/BIO_ctrl.html#NOTES [2] https://www.openssl.org/docs/manmaster/man3/BIO_ctrl.html#RETURN-VALUES [3] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135 Patch by: Denis Kovalchuk <denis.kovalchuk{_AT_}visualsvn.com> * buckets/ssl_buckets.c (bio_bucket_ctrl, bio_file_ctrl): Return 0 for unknown controls. * test/MockHTTPinC/MockHTTP_server.c (bio_apr_socket_ctrl): Return 0 for unknown controls. git-svn-id: https://svn.apache.org/repos/asf/serf/trunk@1902304 13f79535-47bb-0310-9956-ffa450edef68