You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by jf...@apache.org on 2009/09/18 18:13:30 UTC
svn commit: r816696 - /tomcat/native/branches/1.1.x/native/src/sslnetwork.c
Author: jfclere
Date: Fri Sep 18 16:13:30 2009
New Revision: 816696
URL: http://svn.apache.org/viewvc?rev=816696&view=rev
Log:
While testing with FF and a bunch of client certificates the SSL_do_handshake()
failed and need to be retrying until the certificate is choosen in the browser.
Modified:
tomcat/native/branches/1.1.x/native/src/sslnetwork.c
Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=816696&r1=816695&r2=816696&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Fri Sep 18 16:13:30 2009
@@ -563,6 +563,7 @@
tcn_socket_t *s = J2P(sock, tcn_socket_t *);
tcn_ssl_conn_t *con;
int retVal;
+ int ecode = SSL_ERROR_WANT_READ;
UNREFERENCED_STDARGS;
TCN_ASSERT(sock != 0);
@@ -582,11 +583,30 @@
if (retVal <= 0)
return APR_EGENERAL;
+ if (SSL_get_state(con->ssl) != SSL_ST_OK) {
+ return APR_EGENERAL;
+ }
con->ssl->state = SSL_ST_ACCEPT;
- retVal = SSL_do_handshake(con->ssl);
- if (retVal <= 0)
+ ecode = SSL_ERROR_WANT_READ;
+ while (ecode == SSL_ERROR_WANT_READ) {
+ retVal = SSL_do_handshake(con->ssl);
+ if (retVal <= 0) {
+ ecode = SSL_get_error(con->ssl, retVal);
+ if (ecode == SSL_ERROR_WANT_READ) {
+ if (wait_for_io_or_timeout(con, ecode) != APR_SUCCESS)
+ return APR_EGENERAL; /* Can't wait */
+ continue; /* It should be ok now */
+ }
+ else
+ return APR_EGENERAL;
+ } else
+ break;
+ }
+
+ if (SSL_get_state(con->ssl) != SSL_ST_OK) {
return APR_EGENERAL;
+ }
return APR_SUCCESS;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org