summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Antonuk <alan.antonuk@gmail.com>2019-12-11 00:09:14 -0800
committerAlan Antonuk <alan.antonuk@gmail.com>2019-12-11 00:39:04 -0800
commit50c9be0b338497dba7368886121e7a84bb060e50 (patch)
treeb29e3ed6e00dfb4eb37f7d178b4134144d251014
parentfef39faa56f803af6ab30e9a927437542048c42f (diff)
downloadrabbitmq-c-50c9be0b338497dba7368886121e7a84bb060e50.tar.gz
ssl: fix OpenSSL modes to correct non-blocking behavior
OpenSSL changed the default in v1.1.1 of SSL_MODE_AUTO_RETRY from off to on. Because rabbitmq-c uses non-blocking calls internally, this must be disabled. Additionally turn on SSL_MODE_ENABLE_PARTIAL_WRITE to allow SSL_write to return before a full frame is written. This is likely a latent bug that hasn't been found until recently. Fixes #586
-rw-r--r--librabbitmq/amqp_openssl.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index 4915a6a..b6aaa70 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -355,6 +355,11 @@ amqp_socket_t *amqp_ssl_socket_new(amqp_connection_state_t state) {
/* Disable SSLv2 and SSLv3 */
SSL_CTX_set_options(self->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ SSL_CTX_set_mode(self->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+ /* OpenSSL v1.1.1 turns this on by default, which makes the non-blocking
+ * logic not behave as expected, so turn this back off */
+ SSL_CTX_clear_mode(self->ctx, SSL_MODE_AUTO_RETRY);
+
amqp_set_socket(state, (amqp_socket_t *)self);
return (amqp_socket_t *)self;