tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rj...@apache.org
Subject svn commit: r1843636 - /tomcat/native/trunk/native/src/sslnetwork.c
Date Fri, 12 Oct 2018 09:51:42 GMT
Author: rjung
Date: Fri Oct 12 09:51:42 2018
New Revision: 1843636

URL: http://svn.apache.org/viewvc?rev=1843636&view=rev
Log:
Tab polica.
No functional change.

Modified:
    tomcat/native/trunk/native/src/sslnetwork.c

Modified: tomcat/native/trunk/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslnetwork.c?rev=1843636&r1=1843635&r2=1843636&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslnetwork.c (original)
+++ tomcat/native/trunk/native/src/sslnetwork.c Fri Oct 12 09:51:42 2018
@@ -631,121 +631,121 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene
     TCN_ASSERT(sock != 0);
     con = (tcn_ssl_conn_t *)s->opaque;
     session  = SSL_get_session(con->ssl);
-	apr_socket_timeout_get(con->sock, &timeout);
+    apr_socket_timeout_get(con->sock, &timeout);
 
 #if defined(SSL_OP_NO_TLSv1_3)
     if (SSL_SESSION_get_protocol_version(session) == TLS1_3_VERSION) {
-    	// TLS 1.3 renegotiation
-    	retVal = SSL_verify_client_post_handshake(con->ssl);
-		if (retVal <= 0) {
-			return APR_EGENERAL;
-		}
-
-		con->pha_state = PHA_STARTED;
-
-		// Need to trigger a write operation to sent the cert request to the
-		// client. As per OpenSSL docs, use SSL_do_handshake() for this.
-		retVal = SSL_do_handshake(con->ssl);
-		if (retVal <= 0) {
-			return APR_EGENERAL;
-		}
-
-		// Trigger reading of the certs from the client
-		retVal = SSL_peek(con->ssl, peekbuf, 0);
-		if (retVal < 1) {
-			error = SSL_get_error(con->ssl, retVal);
-		}
-
-		// If the certs have not been received, then need to wait for I/O
-		while (con->pha_state == PHA_STARTED) {
-			// SSL_ERROR_WANT_READ is expected. Anything else is an error.
-			if (error == SSL_ERROR_WANT_READ) {
-				retVal = wait_for_io_or_timeout(con, error, timeout);
-				/*
-				 * Since this is blocking I/O, anything other than APR_SUCCESS is an
-				 * error.
-				 */
-				if (retVal != APR_SUCCESS) {
-					con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
-					return retVal;
-				}
-			} else {
-				return APR_EGENERAL;
-			}
-
-			// Re-try SSL_peek after I/O
-			retVal = SSL_peek(con->ssl, peekbuf, 0);
-			if (retVal < 1) {
-				error = SSL_get_error(con->ssl, retVal);
-			} else {
-				/*
-				 * Reset error to handle case where SSL_Peek returns 0 but
-				 * con->pha_state has not changed. This will trigger an error
-				 * to be returned.
-				 */
-				error = 0;
-			}
-		}
+        // TLS 1.3 renegotiation
+        retVal = SSL_verify_client_post_handshake(con->ssl);
+        if (retVal <= 0) {
+            return APR_EGENERAL;
+        }
+
+        con->pha_state = PHA_STARTED;
+
+        // Need to trigger a write operation to sent the cert request to the
+        // client. As per OpenSSL docs, use SSL_do_handshake() for this.
+        retVal = SSL_do_handshake(con->ssl);
+        if (retVal <= 0) {
+            return APR_EGENERAL;
+        }
+
+        // Trigger reading of the certs from the client
+        retVal = SSL_peek(con->ssl, peekbuf, 0);
+        if (retVal < 1) {
+            error = SSL_get_error(con->ssl, retVal);
+        }
+
+        // If the certs have not been received, then need to wait for I/O
+        while (con->pha_state == PHA_STARTED) {
+            // SSL_ERROR_WANT_READ is expected. Anything else is an error.
+            if (error == SSL_ERROR_WANT_READ) {
+                retVal = wait_for_io_or_timeout(con, error, timeout);
+                /*
+                 * Since this is blocking I/O, anything other than APR_SUCCESS is an
+                 * error.
+                 */
+                if (retVal != APR_SUCCESS) {
+                    con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
+                    return retVal;
+                }
+            } else {
+                return APR_EGENERAL;
+            }
+
+            // Re-try SSL_peek after I/O
+            retVal = SSL_peek(con->ssl, peekbuf, 0);
+            if (retVal < 1) {
+                error = SSL_get_error(con->ssl, retVal);
+            } else {
+                /*
+                 * Reset error to handle case where SSL_Peek returns 0 but
+                 * con->pha_state has not changed. This will trigger an error
+                 * to be returned.
+                 */
+                error = 0;
+            }
+        }
     } else {
 #endif
-    	// TLS 1.2 and earlier renegotiation
+        // TLS 1.2 and earlier renegotiation
 
-		/* Toggle the renegotiation state to allow the new
-		 * handshake to proceed.
-		 */
-		con->reneg_state = RENEG_ALLOW;
-
-		// Schedule a renegotiation request
-		retVal = SSL_renegotiate(con->ssl);
-		if (retVal <= 0) {
-			return APR_EGENERAL;
-		}
-
-		/* Need to trigger the renegotiation handshake by reading.
-		 * Peeking 0 bytes actually works.
-		 * See: http://marc.info/?t=145493359200002&r=1&w=2
-		 *
-		 * This will normally return SSL_ERROR_WANT_READ whether the renegotiation
-		 * has been completed or not. Afterwards, need to determine if I/O needs to
-		 * be triggered or not.
-		 */
-		retVal = SSL_peek(con->ssl, peekbuf, 0);
-		if (retVal < 1) {
-			error = SSL_get_error(con->ssl, retVal);
-		}
-
-		// If the renegotiation is still pending, then I/O needs to be triggered
-		while (SSL_renegotiate_pending(con->ssl)) {
-			// SSL_ERROR_WANT_READ is expected. Anything else is an error.
-			if (error == SSL_ERROR_WANT_READ) {
-				retVal = wait_for_io_or_timeout(con, error, timeout);
-				/*
-				 * Since this is blocking I/O, anything other than APR_SUCCESS is an
-				 * error.
-				 */
-				if (retVal != APR_SUCCESS) {
-					con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
-					return retVal;
-				}
-			} else {
-				return APR_EGENERAL;
-			}
-
-			// Re-try SSL_peek after I/O
-			retVal = SSL_peek(con->ssl, peekbuf, 0);
-			if (retVal < 1) {
-				error = SSL_get_error(con->ssl, retVal);
-			} else {
-				/*
-				 * Reset error to handle case where SSL_Peek returns 0 but
-				 * SSL_renegotiate_pending returns true. This will trigger an error
-				 * to be returned.
-				 */
-				error = 0;
-			}
-		}
+        /* Toggle the renegotiation state to allow the new
+         * handshake to proceed.
+         */
+        con->reneg_state = RENEG_ALLOW;
+
+        // Schedule a renegotiation request
+        retVal = SSL_renegotiate(con->ssl);
+        if (retVal <= 0) {
+            return APR_EGENERAL;
+        }
+
+        /* Need to trigger the renegotiation handshake by reading.
+         * Peeking 0 bytes actually works.
+         * See: http://marc.info/?t=145493359200002&r=1&w=2
+         *
+         * This will normally return SSL_ERROR_WANT_READ whether the renegotiation
+         * has been completed or not. Afterwards, need to determine if I/O needs to
+         * be triggered or not.
+         */
+        retVal = SSL_peek(con->ssl, peekbuf, 0);
+        if (retVal < 1) {
+            error = SSL_get_error(con->ssl, retVal);
+        }
+
+        // If the renegotiation is still pending, then I/O needs to be triggered
+        while (SSL_renegotiate_pending(con->ssl)) {
+            // SSL_ERROR_WANT_READ is expected. Anything else is an error.
+            if (error == SSL_ERROR_WANT_READ) {
+                retVal = wait_for_io_or_timeout(con, error, timeout);
+                /*
+                 * Since this is blocking I/O, anything other than APR_SUCCESS is an
+                 * error.
+                 */
+                if (retVal != APR_SUCCESS) {
+                    con->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
+                    return retVal;
+                }
+            } else {
+                return APR_EGENERAL;
+            }
+
+            // Re-try SSL_peek after I/O
+            retVal = SSL_peek(con->ssl, peekbuf, 0);
+            if (retVal < 1) {
+                error = SSL_get_error(con->ssl, retVal);
+            } else {
+                /*
+                 * Reset error to handle case where SSL_Peek returns 0 but
+                 * SSL_renegotiate_pending returns true. This will trigger an error
+                 * to be returned.
+                 */
+                error = 0;
+            }
+        }
 
-		con->reneg_state = RENEG_REJECT;
+        con->reneg_state = RENEG_REJECT;
 #if defined(SSL_OP_NO_TLSv1_3)
     }
 #endif



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message