www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

check SSL_do_handshake(3) return value

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908964 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Giovanni Bechis
2023-04-04 16:46:05 +00:00
parent 11284b9d3b
commit 132d4ee48f
2 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/log-message-tags/next-number
View File

@@ -1 +1 @@
10421 10422

10
modules/ssl/ssl_engine_kernel.c
View File

@@ -78,9 +78,8 @@ static apr_status_t upgrade_connection(request_rec *r)
/* Perform initial SSL handshake. */ /* Perform initial SSL handshake. */
SSL_set_accept_state(ssl); SSL_set_accept_state(ssl);
SSL_do_handshake(ssl);
if (!SSL_is_init_finished(ssl)) { if ((SSL_do_handshake(ssl) != 1) || !SSL_is_init_finished(ssl)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02030) ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02030)
"TLS upgrade handshake failed"); "TLS upgrade handshake failed");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server); ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
@@ -1182,7 +1181,12 @@ static int ssl_hook_Access_modern(request_rec *r, SSLSrvConfigRec *sc, SSLDirCon
modssl_set_app_data2(ssl, r); modssl_set_app_data2(ssl, r);
SSL_do_handshake(ssl); if(SSL_do_handshake(ssl) != 1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10421)
"TLS handshake failure");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
return HTTP_FORBIDDEN;
}
/* Need to trigger renegotiation handshake by reading. /* Need to trigger renegotiation handshake by reading.
* Peeking 0 bytes actually works. * Peeking 0 bytes actually works.
* See: http://marc.info/?t=145493359200002&r=1&w=2 * See: http://marc.info/?t=145493359200002&r=1&w=2