diff --git a/src/internal.c b/src/internal.c
index 067f720bd..c006d3829 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -8967,6 +8967,8 @@ retry:
 return -1;
 case WOLFSSL_CBIO_ERR_WANT_READ: /* want read, would block */
+ if (ssl->ctx->autoRetry)
+ goto retry;
 return WANT_READ;
 case WOLFSSL_CBIO_ERR_CONN_RST: /* connection reset */
diff --git a/src/ssl.c b/src/ssl.c
index a6b1e7e31..96e464a30 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -510,6 +510,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
 #ifdef OPENSSL_COMPATIBLE_DEFAULTS
 if (ctx) {
 wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+ wolfSSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 if (wolfSSL_CTX_set_min_proto_version(ctx, SSL3_VERSION) != WOLFSSL_SUCCESS ||
 #ifdef HAVE_ANON
@@ -19896,6 +19897,9 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented.");
 break;
 #endif
+ case SSL_MODE_AUTO_RETRY:
+ ctx->autoRetry = 1;
+ break;
 default:
 WOLFSSL_MSG("Mode Not Implemented");
 }
@@ -19905,6 +19909,33 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 return mode;
 }
+
+ long wolfSSL_CTX_clear_mode(WOLFSSL_CTX* ctx, long mode)
+ {
+ /* WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is wolfSSL default mode */
+
+ WOLFSSL_ENTER("SSL_CTX_set_mode");
+ switch(mode) {
+ case SSL_MODE_ENABLE_PARTIAL_WRITE:
+ ctx->partialWrite = 0;
+ break;
+ #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+ case SSL_MODE_RELEASE_BUFFERS:
+ WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented.");
+ break;
+ #endif
+ case SSL_MODE_AUTO_RETRY:
+ ctx->autoRetry = 0;
+ break;
+ default:
+ WOLFSSL_MSG("Mode Not Implemented");
+ }
+
+ /* SSL_MODE_AUTO_RETRY
+ * Should not return -1 with renegotiation on read/write */
+
+ return 0;
+ }
 #endif
 #ifdef OPENSSL_EXTRA
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 4ff80d84d..0312e517b 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
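Review bot: The `goto retry` added under `case WOLFSSL_CBIO_ERR_WANT_READ` in src/internal.c has no bound and no wait, so on a non-blocking socket the receive path spins at full CPU until data arrives and the caller never gets `WANT_READ` back to drive its own poll/select loop. A peer that simply stops sending can hold the calling thread indefinitely, which is an availability risk for servers. The `wolfSSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);` line added to `wolfSSL_CTX_new_ex` in src/ssl.c switches this on for every context built with OPENSSL_COMPATIBLE_DEFAULTS, so applications get it without opting in. Consider bounding the loop with a new local counter (the name is only a suggestion), e.g. `if (ssl->ctx->autoRetry && retryLimit-- > 0) goto retry;`. The `retry:` label and the rest of the function lie outside the hunk, so how the callback behaves on blocking sockets could not be checked here.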
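Review bot: `wolfSSL_CTX_clear_mode` in src/ssl.c writes through `ctx` in two of its cases without a NULL check, so a NULL context passed with either mode crashes instead of failing cleanly. Adding `if (ctx == NULL) return 0;` before the switch would cover it, or whatever failure value the sibling mode functions use, since their bodies start outside this hunk. The trace call was copied from the setter and should read `WOLFSSL_ENTER("SSL_CTX_clear_mode");`, otherwise debug logs attribute a clear to a set. The function also always returns 0, whereas the OpenSSL call it is aliased to is, as far as I know, expected to return the updated mode mask. The two comments about the default mode and renegotiation describe the setter rather than clearing and are better dropped or rewritten.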
@@ -2811,6 +2811,7 @@ struct WOLFSSL_CTX {
 byte haveFalconSig:1; /* server cert signed w/ Falcon */
 byte haveStaticECC:1; /* static server ECC private key */
 byte partialWrite:1; /* only one msg per write call */
+ byte autoRetry:1; /* retry read/write on a WANT_{READ|WRITE} */
 byte quietShutdown:1; /* don't send close notify */
 byte groupMessages:1; /* group handshake messages before sending */
 byte minDowngrade; /* minimum downgrade version */
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index d5d5de371..f307b743f 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -1000,6 +1000,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_check_private_key wolfSSL_check_private_key
 #define SSL_CTX_set_mode wolfSSL_CTX_set_mode
+#define SSL_CTX_clear_mode wolfSSL_CTX_clear_mode
 #define SSL_CTX_get_mode wolfSSL_CTX_get_mode
 #define SSL_CTX_set_default_read_ahead wolfSSL_CTX_set_default_read_ahead
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index d9b7d95d1..1544c5294 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -2146,8 +2146,9 @@ enum {
 SSL_CB_MODE_WRITE = 2,
 SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
- SSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to block with blocking io
- * and auto retry */
+ SSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to return WANT_{READ|WRITE}
+ * to the user. This is set by default with
+ * OPENSSL_COMPATIBLE_DEFAULTS. */
 SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */
 BIO_CLOSE = 1,
@@ -2483,6 +2484,7 @@ WOLFSSL_API int wolfSSL_state(WOLFSSL* ssl);
 WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void);
 WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode);
+WOLFSSL_API long wolfSSL_CTX_clear_mode(WOLFSSL_CTX* ctx, long mode);
 WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx);
 WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m);
 WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl);
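Review bot: The comment on the new `autoRetry` bit in wolfssl/internal.h promises a retry of read/write on WANT_{READ|WRITE}, but the only behavioural change visible in this diff is the `WANT_READ` case of the receive path in src/internal.c. No send-side retry appears in any hunk. Either narrow the comment to `/* retry receive on WANT_READ */` or add the write-side handling, so that someone auditing blocking behaviour from the struct definition is not misled. The updated `SSL_MODE_AUTO_RETRY` enum comment in wolfssl/ssl.h uses the same WANT_{READ|WRITE} wording and would need the same adjustment.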
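Review bot: `SSL_MODE_AUTO_RETRY = 3` in the wolfssl/ssl.h enum shares a bit with `SSL_MODE_ENABLE_PARTIAL_WRITE = 2`, and `wolfSSL_CTX_clear_mode` matches `mode` with an exact `switch(mode)`, so the values cannot be combined the way OpenSSL-style callers pass a mode mask. `SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_AUTO_RETRY` evaluates to 3 and touches only auto-retry, and any other OR of flags lands in the "Mode Not Implemented" default with nothing changed. Now that the flag alters I/O behaviour, a clear request that is silently ignored is worth documenting. At minimum add a comment next to the values such as `/* mode values are not bit flags; pass one mode per call */`. Renumbering to distinct bits would be the fuller fix, but it changes values that existing callers were compiled against, so it needs a compatibility decision that this diff does not show.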