Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSSL: Add support for TLS ASYNC state. #3591

Closed
wants to merge 1 commit into from
Closed

OpenSSL: Add support for TLS ASYNC state. #3591

wants to merge 1 commit into from

Conversation

bermuell
Copy link

In case that the TLS connection is paused using openssl ASYNC_pause_job()
current implementation of libcurl handles it as a connection error.

The proposed change adds support in case the TLS connections is paused that way.

@bagder bagder added the TLS label Feb 20, 2019
@bagder bagder changed the title Add support for TLS ASYNC state. OpenSSL: Add support for TLS ASYNC state. Feb 20, 2019
@bagder
Copy link
Member

bagder commented Feb 20, 2019

I checked. The define SSL_ERROR_WANT_ASYNC was added in openssl's commit openssl/openssl@07bbc92ccb96d48044, which then has been in releases since 1.1.0.

@jay
Copy link
Member

jay commented Feb 25, 2019

I checked. The define SSL_ERROR_WANT_ASYNC was added in openssl's commit openssl/openssl@07bbc92, which then has been in releases since 1.1.0.

note that commit doesn't mention SSL_connect for the async

@bagder
Copy link
Member

bagder commented Feb 25, 2019

@bermuell do you have a particular use case where you can trigger this failure and the fix then also fixes it?

@bermuell
Copy link
Author

The use case is when libCurl's SSL_CTX_set_cert_verify_callback is used to verify a cert-chain and the verify procedure is a async call to a PKI instance.

  1. Send request
  2. verify_callback: get server certificates
  3. Pause TLS connection (ASYNC_pause_job)
  4. Send PKI_verify request (async)
  5. Callback with PKI_verify_result
  6. Unpause TLS connection
  7. return result (SUCCESS/FAIL) from callback (of SSL_CTX_set_cert_verify_callback)

Without this fix the connection is closed by libCurl and reporting related 'WANT_ASYNC' error message.

@bagder
Copy link
Member

bagder commented Feb 25, 2019

Thanks!

@bagder bagder closed this in 90236ed Feb 25, 2019
@lock lock bot locked as resolved and limited conversation to collaborators May 26, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Development

Successfully merging this pull request may close these issues.

3 participants