Google Git
Sign in
apache / serf / 05fe765ec39020f0ed41d451b82e287cb8be2e86
commit05fe765ec39020f0ed41d451b82e287cb8be2e86[log] [tgz]
authorEvgeny Kotkov <kotkov@apache.org>Tue Jun 28 09:36:08 2022 +0000
committerEvgeny Kotkov <kotkov@apache.org>Tue Jun 28 09:36:08 2022 +0000
tree436d19af0b015ed8b20d68893789545788012616
parent14f824645ed88803edceefd91ba1c2859c58aac4 [diff]
Fix the return value for unknown controls in the BIO control functions.

According to the BIO_ctrl() manual page [1]:

[[[
Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl() operation.
]]]

OpenSSL 3.0 adds support for Kernel TLS and uses new controls to determine if
KTLS is used for sending or receiving:

1) BIO_get_ktls_send()
2) BIO_get_ktls_recv()

These controls return 1 if KTLS is used and 0 if not [2].

As a result, OpenSSL believed that serf BIOs support KTLS and thus handle TLS
header insertion and encryption/decryption in the BIO layer, breaking the use
of HTTPS. This bug was observed in FreeBSD [3].

[1] https://www.openssl.org/docs/manmaster/man3/BIO_ctrl.html#NOTES
[2] https://www.openssl.org/docs/manmaster/man3/BIO_ctrl.html#RETURN-VALUES
[3] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135

Patch by: Denis Kovalchuk <denis.kovalchuk{_AT_}visualsvn.com>

* buckets/ssl_buckets.c
  (bio_bucket_ctrl,
   bio_file_ctrl): Return 0 for unknown controls.

* test/MockHTTPinC/MockHTTP_server.c
  (bio_apr_socket_ctrl): Return 0 for unknown controls.


git-svn-id: https://svn.apache.org/repos/asf/serf/trunk@1902304 13f79535-47bb-0310-9956-ffa450edef68
2 files changed
tree: 436d19af0b015ed8b20d68893789545788012616
  1. auth/
  2. bindings/
  3. buckets/
  4. build/
  5. protocols/
  6. src/
  7. test/
  8. .editorconfig
  9. CHANGES
  10. CMakeLists.txt
  11. design-guide.txt
  12. dist.sh
  13. LICENSE
  14. NOTICE
  15. README
  16. SConstruct
  17. serf.h
  18. serf.rc
  19. serf_bucket_types.h
  20. serf_bucket_util.h
  21. serf_private.h