authorMatt Caswell <matt@openssl.org>2015-09-11 13:11:37 +0100
committerMatt Caswell <matt@openssl.org>2015-10-30 08:38:18 +0000
commit075c8795857de6746ee662e50ebe44055a494f51 (patch)
treefdc31f25ae866b15b4e5828fc2c8ab4209f59e65 /apps/s_server.c
parente0a51488c335e0c61e929e71828fab1252335062 (diff)
Remove a call to SSL_set_state from s_server
s_server was (ab)using SSL_set_state to force a renegotiation. This is a bad way to do things and does not work with the new state machine code, so we need to do it a different way. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'apps/s_server.c')
-rw-r--r--apps/s_server.c26
1 files changed, 19 insertions, 7 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 6d68fc1c32..f897c4fb82 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2567,6 +2567,11 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
#ifdef RENEG
int total_bytes = 0;
#endif
+ int width;
+ fd_set readfds;
+
+ /* Set width for a select call if needed */
+ width = s + 1;
buf = app_malloc(bufsize, "server www buffer");
io = BIO_new(BIO_f_buffer());
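Review bot: Nothing visible in this hunk bounds `s` before it is used with an `fd_set`: `width = s + 1` is set here, and `openssl_fdset(s, &readfds)` follows in the renegotiation hunk further down. On POSIX systems, setting a descriptor at or above FD_SETSIZE writes outside the set. A guard next to the select call, such as `if (s >= FD_SETSIZE) goto err;` under the appropriate platform condition, would rule that out. An equivalent check may already exist elsewhere in www_body, which starts and ends outside this hunk.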
@@ -2684,6 +2689,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
NULL);
i = SSL_renegotiate(con);
BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n", i);
+ /* Send the HelloRequest */
i = SSL_do_handshake(con);
if (i <= 0) {
BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n",
@@ -2691,16 +2697,22 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
ERR_print_errors(bio_err);
goto err;
}
- /* EVIL HACK! */
- SSL_set_state(con, SSL_ST_ACCEPT);
- i = SSL_do_handshake(con);
- BIO_printf(bio_s_out, "SSL_do_handshake -> %d\n", i);
- if (i <= 0) {
- BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n",
- SSL_get_error(con, i));
+ /* Wait for a ClientHello to come back */
+ FD_ZERO(&readfds);
+ openssl_fdset(s, &readfds);
+ i = select(width, (void *)&readfds, NULL, NULL, NULL);
+ if (i <= 0 || !FD_ISSET(s, &readfds)) {
+ BIO_printf(bio_s_out, "Error waiting for client response\n");
ERR_print_errors(bio_err);
goto err;
}
+ /*
+ * We're not acutally expecting any data here and we ignore
+ * any that is sent. This is just to force the handshake that
+ * we're expecting to come from the client. If they haven't
+ * sent one there's not much we can do.
+ */
+ BIO_gets(io, buf, bufsize - 1);
}
BIO_puts(io,
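Review bot: The `select()` call waits with a NULL timeout, so a client that never answers the HelloRequest keeps this www_body handler blocked indefinitely. A bounded wait, for example `struct timeval tv = { 30, 0 };` passed as the last argument (30 s is an illustrative value), would let it reach the existing error path. The return value of `BIO_gets(io, buf, bufsize - 1)` is also discarded, so the code does not learn whether the renegotiation finished or the peer sent application data instead; checking `SSL_renegotiate_pending(con)` afterwards and logging the result would make that visible. On the `i <= 0` branch, `ERR_print_errors(bio_err)` prints the OpenSSL error queue, which presumably holds nothing for a failed `select()`, so the cause (including an interrupted call) goes unreported. www_body starts and ends outside this hunk.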