OpenSSL: Add support for TLS ASYNC state. #3591

Closed
wants to merge 1 commit into from

@bermuell

commented Feb 20, 2019

In case the TLS connection is paused using OpenSSL's ASYNC_pause_job(),
the current implementation of libcurl handles it as a connection error.

The proposed change adds support for the case where the TLS connection is paused that way.

Bernd Mueller

@bagder added the SSL/TLS label Feb 20, 2019

@bagder changed the title from "Add support for TLS ASYNC state." to "OpenSSL: Add support for TLS ASYNC state." Feb 20, 2019

@bagder

Member

commented Feb 20, 2019

I checked. The define SSL_ERROR_WANT_ASYNC was added in openssl's commit openssl/openssl@07bbc92, which then has been in releases since 1.1.0.

@jay

Member

commented Feb 25, 2019

> I checked. The define SSL_ERROR_WANT_ASYNC was added in openssl's commit openssl/openssl@07bbc92, which then has been in releases since 1.1.0.

note that commit doesn't mention SSL_connect for the async

@bagder

Member

commented Feb 25, 2019

@bermuell do you have a particular use case where you can trigger this failure and the fix then also fixes it?

@bermuell

Author

commented Feb 25, 2019

The use case is when libCurl's SSL_CTX_set_cert_verify_callback is used to verify a cert-chain and the verify procedure is an async call to a PKI instance.

  1. Send request
  2. verify_callback: get server certificates
  3. Pause TLS connection (ASYNC_pause_job)
  4. Send PKI_verify request (async)
  5. Callback with PKI_verify_result
  6. Unpause TLS connection
  7. return result (SUCCESS/FAIL) from callback (of SSL_CTX_set_cert_verify_callback)

Without this fix, the connection is closed by libCurl, which reports the related 'WANT_ASYNC' error message.
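
The use case described above, modelled as an added example (not libcurl's code and not the patch from this pull request): a handshake driver that treats SSL_ERROR_WANT_ASYNC either as a connection error or as a retryable state. The error sequence is constructed, `drive_handshake` and `run_pki_scenario` are hypothetical names, and the numeric values are those of OpenSSL's public header.

```c
#include <stdio.h>

/* Values from OpenSSL 1.1.0+ <openssl/ssl.h>, repeated so this builds without OpenSSL. */
#define SSL_ERROR_NONE       0
#define SSL_ERROR_WANT_READ  2
#define SSL_ERROR_WANT_WRITE 3
#define SSL_ERROR_WANT_ASYNC 9

struct hs_result { int done; int last_error; unsigned retries; };

/* Model of a non-blocking handshake driver. script[] stands in for what
   SSL_get_error() would report after each SSL_connect() attempt. */
static struct hs_result drive_handshake(const int *script, size_t n, int async_aware)
{
    struct hs_result r = { 0, SSL_ERROR_NONE, 0 };
    for (size_t i = 0; i < n; i++) {
        r.last_error = script[i];
        switch (script[i]) {
        case SSL_ERROR_NONE: r.done = 1; return r;
        case SSL_ERROR_WANT_READ:
        case SSL_ERROR_WANT_WRITE:
            r.retries++;          /* real code: wait on the socket, then retry */
            break;
        case SSL_ERROR_WANT_ASYNC:
            if (!async_aware)
                return r;         /* pause misread as a connection error */
            r.retries++;          /* real code: wait until the paused job can resume */
            break;
        default:
            return r;             /* genuine failure */
        }
    }
    return r;
}

/* Constructed sequence for the use case above: request sent, certificates
   read, verify callback paused twice while the PKI answers, then success. */
static struct hs_result run_pki_scenario(int async_aware)
{
    static const int script[] = { SSL_ERROR_WANT_WRITE, SSL_ERROR_WANT_READ,
        SSL_ERROR_WANT_ASYNC, SSL_ERROR_WANT_ASYNC, SSL_ERROR_NONE };
    return drive_handshake(script, sizeof script / sizeof script[0], async_aware);
}
int main(void)
{
    struct hs_result a = run_pki_scenario(0), b = run_pki_scenario(1);
    printf("unaware: done=%d err=%d | aware: done=%d retries=%u\n", a.done, a.last_error, b.done, b.retries);
    return 0;
}
```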

@bagder

Member

commented Feb 25, 2019

Thanks!

@bagder closed this in 90236ed Feb 25, 2019
