Project homepage Mailing List  Warmcat.com  API Docs  Github Mirror 
{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1750310014, "reponame":"libwebsockets", "desc":"libwebsockets lightweight C networking library", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://libwebsockets.org/repo/libwebsockets", "f":3, "items": [ {"schema":"libjg2-1", "cid":"1f9daa1fda0db2c81dd5861ae294a9b5", "commit": {"type":"commit", "time": 1576791009, "time_ofs": 0, "oid_tree": { "oid": "7f5b11514c2f576f6dd9b853b4353c9625bb79ed", "alias": []}, "oid":{ "oid": "ea50c8722cfa792355e2e15436f193e08b0fd173", "alias": []}, "msg": "openssl: handle negotiation errors handling in client", "sig_commit": { "git_time": { "time": 1576791009, "offset": 0 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }, "sig_author": { "git_time": { "time": 1576788354, "offset": 60 }, "name": "Wojtek Kaniewski", "email": "wojtekka@toxygen.net", "md5": "d85b53be43022dd6338c0bdaa25dee4d" }}, "body": "openssl: handle negotiation errors handling in client\n\nIf a client connects to a SSL server and the server sends handshake\nalert (e.g. no matching ciphers) SSL_connect() fails, but because\nSSL_ERROR_SSL return value is not handled, it's not considered a\nfailure. SSL_want_read() will return 1 and the client will happily wait\nfor more data from the server. Now if the server closes connection after\nsending handshake alert, POLLIN event will be triggered,\nlws_tls_client_connect() called again, but SSL_connect() will fail\nwithout calling read(), so the client will end up consuming 100% CPU\nbecause POLLIN will be triggered repeatedly.\n\nSimilar error handling is used in lws_tls_server_accept() and the\ncondition checks for SSL_ERROR_SSL. Using the same condition in\nlws_tls_client_connect() fixes the problem.\n\nTested with OpenSSL 1.0.2k.\n" , "diff": "diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c\nindex 96f4fdb..a8ea728 100644\n--- a/lib/tls/openssl/openssl-client.c\n+++ b/lib/tls/openssl/openssl-client.c\n@@ -380,7 +380,7 @@ lws_tls_client_connect(struct lws *wsi)\n \n \tm \u003d lws_ssl_get_error(wsi, n);\n \n-\tif (m \u003d\u003d SSL_ERROR_SYSCALL)\n+\tif (m \u003d\u003d SSL_ERROR_SYSCALL || m \u003d\u003d SSL_ERROR_SSL)\n \t\treturn LWS_SSL_CAPABLE_ERROR;\n \n \tif (m \u003d\u003d SSL_ERROR_WANT_READ || SSL_want_read(wsi-\u003etls.ssl))\n","s":{"c":1750310014,"u": 3941}} ],"g": 5488,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}