authorAlan Antonuk <alan.antonuk@gmail.com>2019-12-11 00:09:14 -0800
committerAlan Antonuk <alan.antonuk@gmail.com>2019-12-11 00:13:19 -0800
commit4d7a9cdae39f0c7bd54354f37b32cf2f05e9fad6 (patch)
treeb29e3ed6e00dfb4eb37f7d178b4134144d251014
parentfef39faa56f803af6ab30e9a927437542048c42f (diff)
ssl: fix OpenSSL modes to correct non-blocking behaviorissue586
OpenSSL changed the default in v1.1.1 of SSL_MODE_AUTO_RETRY from off to on. Because rabbitmq-c uses non-blocking calls internally, this must be disabled. Additionally turn on SSL_MODE_ENABLE_PARTIAL_WRITE to allow SSL_write to return before a full frame is written. This is likely a latent bug that hasn't been found until recently. Fixes #586
-rw-r--r--librabbitmq/amqp_openssl.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index 4915a6a..b6aaa70 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -355,6 +355,11 @@ amqp_socket_t *amqp_ssl_socket_new(amqp_connection_state_t state) {
/* Disable SSLv2 and SSLv3 */
SSL_CTX_set_options(self->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ SSL_CTX_set_mode(self->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+ /* OpenSSL v1.1.1 turns this on by default, which makes the non-blocking
+ * logic not behave as expected, so turn this back off */
+ SSL_CTX_clear_mode(self->ctx, SSL_MODE_AUTO_RETRY);
+
amqp_set_socket(state, (amqp_socket_t *)self);
return (amqp_socket_t *)self;
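Review bot: The added `SSL_CTX_set_mode(self->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);` line carries no comment, although it changes the contract of every later SSL_write on this context: a positive return can now be smaller than the requested length. The send path is not part of this hunk, so it cannot be confirmed from here that it advances past the bytes already written instead of treating any positive return as a complete frame; a dropped or resent tail would desynchronise the AMQP stream inside the TLS session. I would record the requirement next to the call, e.g. `/* SSL_write may now return a short count; the send path must resubmit only the unwritten remainder */`. If a retry after SSL_ERROR_WANT_WRITE can be issued from a different buffer address than the first attempt, `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` would presumably be needed as well, which is worth checking against the caller. The body of amqp_ssl_socket_new begins before the hunk, so earlier context setup is not visible here.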