Posted to dev@httpd.apache.org by Dirk-Willem van Gulik <di...@covalent.net> on 2001/10/10 19:11:43 UTC

SSL on FreeBSD

To get jabber 1.4.1 to do SSL on FreeBSD I needed to do what is below. It
seems that the exit code is more subtle than just ok/nok.

Dw.


diff -c3 -r jabber-1.4.1/jabberd/mio_ssl.c
jabber-1.4.1.new/jabberd/mio_ssl.c
*** jabber-1.4.1/jabberd/mio_ssl.c      Thu Feb  1 12:46:49 2001
--- jabber-1.4.1.new/jabberd/mio_ssl.c  Mon Oct  1 13:26:17 2001
***************
*** 3,8 ****
--- 3,9 ----
  #ifdef HAVE_SSL
  HASHTABLE ssl__ctxs;

+ #include <openssl/err.h>

  #ifndef NO_RSA
  /* This function will generate a temporary key for us */
***************
*** 165,183 ****
      log_debug(ZONE, "SSL accepting socket with new session %x", ssl);
      SSL_set_fd(ssl, fd);
      SSL_set_accept_state(ssl);
!     if(SSL_accept(ssl) <= 0){
          unsigned long e;
          static char *buf;

          e = ERR_get_error();
          buf = ERR_error_string(e, NULL);
!         log_debug(ZONE, "Error from SSL: %s", buf);
          log_debug(ZONE, "SSL Error in SSL_accept call");
          SSL_free(ssl);
          close(fd);
          return -1;
      }
!
      m->ssl = ssl;

      log_debug(ZONE, "Accepted new SSL socket %d for %s", fd, m->ip);
--- 166,191 ----
      log_debug(ZONE, "SSL accepting socket with new session %x", ssl);
      SSL_set_fd(ssl, fd);
      SSL_set_accept_state(ssl);
! redo:
! {    int ex = SSL_accept(ssl);
!
!      if (ex < 0) {
!       /* not right - 0 is controlled shutdown; -1 can have more meanings
*/
          unsigned long e;
          static char *buf;

          e = ERR_get_error();
+       if ((e==0) || (e == SSL_ERROR_WANT_READ) || ( e ==
SSL_ERROR_WANT_WRITE))
+               goto redo;
+
          buf = ERR_error_string(e, NULL);
!         log_debug(ZONE, "Error %d/%d from SSL: %s", ex,e,buf);
          log_debug(ZONE, "SSL Error in SSL_accept call");
          SSL_free(ssl);
          close(fd);
          return -1;
      }
! }
      m->ssl = ssl;

      log_debug(ZONE, "Accepted new SSL socket %d for %s", fd, m->ip);
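Review bot: The retry test in the new `redo:` block compares the `ERR_get_error()` value `e` with `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE`, but those constants are results of `SSL_get_error(ssl, ex)`, not error-queue codes, so the comparison does not test what it appears to. The `e==0` arm also jumps back whenever `SSL_accept` returns -1 with an empty error queue, with no wait and no retry limit, which appears to let a stalled or dropped peer hold this call in a tight loop. Changing `<= 0` to `< 0` additionally lets a return of 0 (handshake not completed) fall through to `m->ssl = ssl` and the "Accepted new SSL socket" log line. I would classify the result with `SSL_get_error`, retry only on the two WANT codes after waiting for the socket or within a bounded count, keep 0 on the failure path, and print `e` with `%lu` since it is an `unsigned long`. The enclosing function starts and ends outside the hunk.

```c
redo:
{    int ex = SSL_accept(ssl);

     if (ex <= 0) {
         /* SSL_get_error() yields the SSL_ERROR_* class; ERR_get_error() codes are a different number space */
         int why = SSL_get_error(ssl, ex);

         if (ex < 0 && (why == SSL_ERROR_WANT_READ || why == SSL_ERROR_WANT_WRITE)) {
             /* TODO(review): wait for fd readiness or cap the retries before looping */
             goto redo;
         }
         /* … unchanged: ERR_get_error / ERR_error_string, SSL_free, close, return -1 … */
         log_debug(ZONE, "Error %d/%lu from SSL: %s", ex, e, buf);
     }
}
```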