authorMaciej Borzecki <maciej.borzecki@open-rnd.pl>2015-05-14 09:11:34 +0200
committerAlan Antonuk <alan.antonuk@gmail.com>2015-05-14 22:40:42 -0700
commit22a36db4b8d3ab6b05861912dd42dbaaf1970d01 (patch)
treea838a916519995955ea79cd13b7b4270792d116f
parentd25193572262693194e648ee39bedc062b231acf (diff)
downloadrabbitmq-c-22a36db4b8d3ab6b05861912dd42dbaaf1970d01.tar.gz
amqp_openssl: fix SSL_connect() status check
According to the documentation, SSL_connect() can return: - 1 if the handshake was successful, or - 0 or < 0 if the handshake failed and the connection was cleaned up or a communication error occurred. When the nonblocking flag is set on the socket and the handshake is in progress, SSL_connect() returns -1 and sets error SSL_ERROR_WANT_READ. The test will then skip the switch() branch and proceed with the handshake procedure in an unfinished state. This may lead to certificate verification failure: should the handshake be interrupted too soon, no server certificates would be received.
-rw-r--r--librabbitmq/amqp_openssl.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index c225cdd..de65185 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -300,7 +300,7 @@ amqp_ssl_socket_open(void *base, const char *host, int port, struct timeval *tim
start_connect:
status = SSL_connect(self->ssl);
- if (!status) {
+ if (status != 1) {
self->internal_error = SSL_get_error(self->ssl, status);
switch (self->internal_error) {
case SSL_ERROR_WANT_READ:
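Review bot: With the test widened to `status != 1`, every failed or unfinished handshake now passes through the `switch` on `self->internal_error`, so that switch has to fail closed for everything except the retryable want-read/want-write results; only its first `case` is visible in this hunk, so this is something to confirm rather than a confirmed defect. If there is no `default:` that returns an error, a fatal result such as `SSL_ERROR_SSL` or `SSL_ERROR_SYSCALL` would presumably still continue to the certificate checks on an incomplete handshake. I would also add a comment above the test, `/* SSL_connect() returns 1 only when the handshake completed; 0 and negative values are both failures */`, so the condition is not later simplified back to `!status`. The body of amqp_ssl_socket_open starts and ends outside the hunk.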