Retry when SSL_read fails with SSL_ERROR_WANT_READ. Fixes the case where

an https server attempts renegotiation. ok jung@

1 files changed, 12 insertions, 4 deletions

diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c
index 03ebee9b4ac..af59f51ab0e 100644
--- a/usr.bin/ftp/fetch.c
+++ b/usr.bin/ftp/fetch.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: fetch.c,v 1.108 2013/03/30 10:11:35 tobias Exp $	*/
+/*	$OpenBSD: fetch.c,v 1.109 2013/04/09 08:58:46 sthen Exp $	*/
 /*	$NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $	*/
 
 /*-
@@ -751,7 +751,7 @@ again:
 	switch (status) {
 	case 200:	/* OK */
 #ifndef SMALL
-		/*              
+		/*
 		 * When we request a partial file, and we receive an HTTP 200
 		 * it is a good indication that the server doesn't support
 		 * range requests, and is about to send us the entire file.
@@ -1485,6 +1485,7 @@ SSL_readline(SSL *ssl, size_t *lenp)
 {
 	size_t i, len;
 	char *buf, *q, c;
+	int ret;
 
 	len = 128;
 	if ((buf = malloc(len)) == NULL)
@@ -1496,8 +1497,15 @@ SSL_readline(SSL *ssl, size_t *lenp)
 			buf = q;
 			len *= 2;
 		}
-		if (SSL_read(ssl, &c, 1) <= 0)
-			break;
+again:
+		ret = SSL_read(ssl, &c, 1);
+		if (ret <= 0) {
+			if (SSL_get_error(ssl, ret) == SSL_ERROR_WANT_READ)
+				goto again;
+			else
+				errx(1, "SSL_read error: %u",
+				    SSL_get_error(ssl, ret));
+		}
 		buf[i] = c;
 		if (c == '\n')
 			break;