From 22a36db4b8d3ab6b05861912dd42dbaaf1970d01 Mon Sep 17 00:00:00 2001
From: Maciej Borzecki
Date: Thu, 14 May 2015 09:11:34 +0200
Subject: amqp_openssl: fix SSL_connect() status check

According to documentation SSL_connect() can return: - 1 if handshake was successful or - 0 or < 0 if handshake failed and connection was cleaned up or communcation error occurred When nonblocking flag is set on the socket and handshake is in progress, SSL_connect() retruns -1 and sets error SSL_ERROR_WANT_READ. The test will then skip the switch() branch, and proceed forward with hanshake procedure in unfinished state. This may lead to certificate verification failure, as should the handshake be interrupted too soon, no server certificates would be received.
---
 librabbitmq/amqp_openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index c225cdd..de65185 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -300,7 +300,7 @@ amqp_ssl_socket_open(void *base, const char *host, int port, struct timeval *tim
 start_connect:
 status = SSL_connect(self->ssl);
- if (!status) {
+ if (status != 1) {
 self->internal_error = SSL_get_error(self->ssl, status);
 switch (self->internal_error) {
 case SSL_ERROR_WANT_READ:
--
cgit v1.2.1
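Review bot: No `ERR_clear_error();` is visible between the `start_connect:` label and `SSL_connect()`, yet with `status != 1` every non-blocking retry now depends on `SSL_get_error()` classifying the result, which OpenSSL documents as reliable only when the thread's error queue was empty before the I/O call. Unless the queue is already cleared earlier in amqp_ssl_socket_open (the function starts and the switch continues outside this hunk), add `ERR_clear_error();` as the first statement after `start_connect:` so a stale error is not mistaken for a handshake failure or a retryable state. The cases after `SSL_ERROR_WANT_READ` are not shown, so it is worth confirming that anything other than the want-read/want-write states fails the open, so certificate verification is never attempted on an unfinished handshake. A one-line comment above the test, such as `/* SSL_connect() returns 1 only on a completed handshake; 0 and <0 both go through SSL_get_error() */`, would keep the condition from being simplified back to `!status`.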