author | Bob Beck <beck@cvs.openbsd.org> | 2020-01-21 05:02:54 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2020-01-21 05:02:54 +0000 |
commit | 2131465f078db9beb54b70f705c929d47603404d (patch) | |
tree | 2fd8d4bb56236c67bcecd99bb0bee1578d7c6f02 /usr.bin/ftp | |
parent | 7ba7b897607f6558c3ebc8ff74bb71515100fcd5 (diff) |
Fix tls_handshake() usage which was added without checking return values
correctly. This would break ftp when the handshake doesn't complete in one
shot. (noticed when making tls 1.3 connections to cloudflare.cdn)
ok jsing@
Diffstat (limited to 'usr.bin/ftp')
-rw-r--r-- | usr.bin/ftp/fetch.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c
index 64c925230e9..c5954a57df6 100644
--- a/usr.bin/ftp/fetch.c
+++ b/usr.bin/ftp/fetch.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fetch.c,v 1.186 2020/01/15 14:49:38 jca Exp $ */
+/* $OpenBSD: fetch.c,v 1.187 2020/01/21 05:02:53 beck Exp $ */
 /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */
 /*-
@@ -631,6 +631,7 @@ noslash:
 #ifndef NOSSL
 if (ishttpsurl) {
+ ssize_t ret;
 if (proxyenv && sslpath) {
 ishttpsurl = 0;
 proxyurl = NULL;
@@ -646,16 +647,19 @@ noslash:
 goto cleanup_url_get;
 }
 if (tls_configure(tls, tls_config) != 0) {
- fprintf(ttyout, "SSL configuration failure: %s\n",
+ fprintf(ttyout, "TLS configuration failure: %s\n",
 tls_error(tls));
 goto cleanup_url_get;
 }
 if (tls_connect_socket(tls, fd, sslhost) != 0) {
- fprintf(ttyout, "SSL failure: %s\n", tls_error(tls));
+ fprintf(ttyout, "TLS connect failure: %s\n", tls_error(tls));
 goto cleanup_url_get;
 }
- if (tls_handshake(tls) != 0) {
- fprintf(ttyout, "SSL failure: %s\n", tls_error(tls));
+ do {
+ ret = tls_handshake(tls);
+ } while (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT);
+ if (ret != 0) {
+ fprintf(ttyout, "TLS handshake failure: %s\n", tls_error(tls));
 goto cleanup_url_get;
 }
 fin = funopen(tls, stdio_tls_read_wrapper, |
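Review bot: The new `do { ret = tls_handshake(tls); } while (...)` loop in the third hunk retries immediately on `TLS_WANT_POLLIN`/`TLS_WANT_POLLOUT`, without waiting on `fd` and without any bound on attempts or elapsed time. Whether `fd` is blocking at this point is not visible in the hunk; if it can be non-blocking, the loop spins on the CPU, and in either mode a peer that never finishes the handshake appears able to hold the client here indefinitely. Consider waiting on `fd` for the direction the return value names, with a timeout, before retrying, and treating a timeout as a handshake failure that goes to `cleanup_url_get`. Separately, the second hunk declares `ssize_t ret;` although `tls_handshake()` returns `int`, so `int ret;` would match the API. The enclosing `if (ishttpsurl) {` block starts in the second hunk and continues past the end of the third.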