
Commit ee74a72

committed
net: fixed TLS buffer process via OpenSSL
- added the #459 #460 OpenSSL fix also for client sockets, because they expect the same behavior as plain recv/send socket API calls - applied the options at the CTX level, which are inherited by every accepted socket.
1 parent 7aff391 commit ee74a72

2 files changed

Lines changed: 8 additions & 7 deletions


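--- a/src/lib/mormot.lib.openssl11.pas
+++ b/src/lib/mormot.lib.openssl11.pas
@@ -11271,6 +11271,13 @@ procedure TOpenSslNetTls.SetupCtx(var Context: TNetTlsContext; Bind: boolean);
 SSL_CTX_set_min_proto_version(fCtx, v);
 if Context.DisableTls13 then
 SSL_CTX_set_max_proto_version(fCtx, TLS1_2_VERSION); // stick to TLS 1.2
+// SSL_MODE_ENABLE_PARTIAL_WRITE ($01): SSL_write returns partial count on
+// partial send, so mORMot can advance the buffer pointer correctly and
+// issue a fresh SSL_write for the remainder (no retry-same-buffer constraint)
+// SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER ($02): allow retry with different
+// buffer pointer after WANT_WRITE (mORMot copies pending data to fWr)
+SSL_CTX_set_mode(fCtx, SSL_MODE_ENABLE_PARTIAL_WRITE or
+SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 end;
 
 function AfterAcceptSNI(s: PSSL; ad: PInteger; arg: pointer): integer; cdecl;
@@ -11338,12 +11345,6 @@ procedure TOpenSslNetTls.AfterAccept(Socket: TNetSocket;
 if BoundContext.AcceptCert = nil then
 raise EOpenSslNetTls.Create('AfterAccept: missing AfterBind');
 fSsl := SSL_new(BoundContext.AcceptCert);
-// SSL_MODE_ENABLE_PARTIAL_WRITE ($01): SSL_write returns partial count on
-// partial send, so mORMot can advance the buffer pointer correctly and
-// issue a fresh SSL_write for the remainder (no retry-same-buffer constraint)
-// SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER ($02): allow retry with different
-// buffer pointer after WANT_WRITE (mORMot copies pending data to fWr)
-SSL_set_mode(fSsl, $00000003); // ENABLE_PARTIAL_WRITE | ACCEPT_MOVING_WRITE_BUFFER
 Check('AfterAccept set_fd', SSL_set_fd(fSsl, Socket.Socket));
 // server TLS negotiation with server
 Check('AfterAccept accept', SSL_accept(fSsl));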
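Review bot: After the `SSL_set_mode` removal in AfterAccept, an accepted socket only gets partial-write behaviour if `BoundContext.AcceptCert` was itself built through SetupCtx, and nothing in these hunks shows that it was. OpenSSL copies the mode from the CTX when `SSL_new` is called, so a CTX created on any other path would silently fall back to the retry-same-buffer rule that the earlier fix addressed. A one-line marker where the call used to be would keep that dependency visible: `// write modes are inherited from the CTX - see SetupCtx`. The moved comment could also state that with SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER only the pointer may change, so a retry after WANT_WRITE must carry the same bytes and be no shorter than the pending write. Both SetupCtx and AfterAccept start and end outside the hunks shown.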

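--- a/src/mormot.commit.inc
+++ b/src/mormot.commit.inc
@@ -1 +1 @@
-'2.4.14852'
+'2.4.14853'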
