author | Alan Antonuk <alan.antonuk@gmail.com> | 2019-12-11 00:09:14 -0800 |
---|---|---|
committer | Alan Antonuk <alan.antonuk@gmail.com> | 2019-12-11 00:39:04 -0800 |
commit | 50c9be0b338497dba7368886121e7a84bb060e50 (patch) | |
tree | b29e3ed6e00dfb4eb37f7d178b4134144d251014 | |
parent | fef39faa56f803af6ab30e9a927437542048c42f (diff) | |
download | rabbitmq-c-50c9be0b338497dba7368886121e7a84bb060e50.tar.gz |
ssl: fix OpenSSL modes to correct non-blocking behavior
OpenSSL changed the default in v1.1.1 of SSL_MODE_AUTO_RETRY from off to
on. Because rabbitmq-c uses non-blocking calls internally, this must be
disabled.
Additionally turn on SSL_MODE_ENABLE_PARTIAL_WRITE to allow SSL_write to
return before a full frame is written. This is likely a latent bug that
hasn't been found until recently.
Fixes #586
-rw-r--r-- | librabbitmq/amqp_openssl.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c index 4915a6a..b6aaa70 100644 --- a/librabbitmq/amqp_openssl.c +++ b/librabbitmq/amqp_openssl.c @@ -355,6 +355,11 @@ amqp_socket_t *amqp_ssl_socket_new(amqp_connection_state_t state) { /* Disable SSLv2 and SSLv3 */ SSL_CTX_set_options(self->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); + SSL_CTX_set_mode(self->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); + /* OpenSSL v1.1.1 turns this on by default, which makes the non-blocking + * logic not behave as expected, so turn this back off */ + SSL_CTX_clear_mode(self->ctx, SSL_MODE_AUTO_RETRY); + amqp_set_socket(state, (amqp_socket_t *)self); return (amqp_socket_t *)self; |
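Review bot: the added `SSL_CTX_set_mode(self->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);` line carries no comment, unlike the `SSL_MODE_AUTO_RETRY` line right below it, yet it is the change with the wider effect on callers. With this mode set, a successful `SSL_write` may return a positive count smaller than the length requested, so every write path that uses this context has to advance by the returned count and send the remainder instead of treating any positive return as a complete frame. That code is not visible in this hunk, so please confirm it handles a short write, and add a one-line comment here stating why partial writes are enabled, along the lines of the commit message. A regression test that runs against OpenSSL 1.1.1 with a non-blocking socket would also keep the `SSL_MODE_AUTO_RETRY` default change from resurfacing unnoticed.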