Merge pull request #2204 from dgarske/server_fixups

Improvements to TLS write handling in error cases
toddouska
2019-04-18 09:21:27 -07:00
committed by GitHub
2 changed files with 13 additions and 9 deletions


@@ -368,6 +368,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
err != WOLFSSL_ERROR_ZERO_RETURN) { err != WOLFSSL_ERROR_ZERO_RETURN) {
printf("SSL_read echo error %d\n", err); printf("SSL_read echo error %d\n", err);
err_sys_ex(runWithErrors, "SSL_read failed"); err_sys_ex(runWithErrors, "SSL_read failed");
break;
} }
} }
else { else {
@@ -2217,8 +2218,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
} }
#endif /* HAVE_SECURE_RENEGOTIATION */ #endif /* HAVE_SECURE_RENEGOTIATION */
if (err != WOLFSSL_ERROR_ZERO_RETURN && echoData == 0 && if (err == 0 && echoData == 0 && throughput == 0) {
throughput == 0) {
const char* write_msg; const char* write_msg;
int write_msg_sz; int write_msg_sz;
@@ -2247,7 +2247,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
ServerRead(ssl, input, sizeof(input)-1); ServerRead(ssl, input, sizeof(input)-1);
#endif #endif
} }
else { else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN) {
ServerEchoData(ssl, clientfd, echoData, block, throughput); ServerEchoData(ssl, clientfd, echoData, block, throughput);
} }
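Review bot: With the condition tightened to `err == 0 && echoData == 0 && throughput == 0` and the echo branch now guarded by `else if (err == 0 || err == WOLFSSL_ERROR_ZERO_RETURN)`, any other non-zero `err` falls through both branches with no write, no echo and no message at this point, and a reader cannot tell from the hunk whether that silence is intended; presumably the failure was already reported via err_sys_ex earlier in server_test, which lies outside the hunk. A trailing comment would make the intent explicit, e.g. `/* any other err was already reported by the accept/read path above; skip writing and proceed to shutdown */`. If that earlier report is not guaranteed on every path, a final `else { printf("skipping write, error %d\n", err); }` in the style of the existing printf diagnostics would preserve the information. server_test continues beyond the hunk on both sides.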


@@ -15223,14 +15223,18 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
ssl->error = 0; ssl->error = 0;
} }
#ifdef WOLFSSL_DTLS /* don't allow write after decrypt or mac error */
if (ssl->options.dtls) { if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR) {
/* In DTLS mode, we forgive some errors and allow the session /* For DTLS allow these possible errors and allow the session
* to continue despite them. */ to continue despite them */
if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR) if (ssl->options.dtls) {
ssl->error = 0; ssl->error = 0;
}
else {
WOLFSSL_MSG("Not allowing write after decrypt or mac error");
return WOLFSSL_FATAL_ERROR;
}
} }
#endif /* WOLFSSL_DTLS */
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
if (ssl->earlyData != no_early_data) { if (ssl->earlyData != no_early_data) {
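Review bot: The new comment at the top of the block says what is refused but not why, and the DTLS comment under it doubles up on "allow"; since this is the one place that turns a stale MAC/decrypt error into a refused write, the rationale belongs here. Suggested replacement for the pair: `/* A record that failed MAC verification or decryption is a fatal condition for a TLS connection, so refuse further writes; DTLS implementations drop such records and keep the session, so the error is cleared there instead. */`. The `return WOLFSSL_FATAL_ERROR;` path also deserves a one-line comment that `ssl->error` is deliberately left holding the original cause, presumably so the caller's error query still reports it — confirm that is the intent. `ssl->options.dtls` is now referenced outside any `WOLFSSL_DTLS` guard, which is fine only if the field is declared unconditionally; I cannot confirm that from this hunk. SendData's body begins and ends outside the hunk.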