Attachment #501702 for bug #588768




  return ret;
}

# if OPENSSL_VERSION_NUMBER<0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
#  define BIO_set_data(_b,_ptr) ((_b)->ptr=(_ptr))
#  define BIO_set_init(_b,_init) ((_b)->init=(_init))
#  define ASN1_STRING_get0_data ASN1_STRING_data


static int op_bio_retry_new(BIO *_b){
  BIO_set_init(_b,1);
# if OPENSSL_VERSION_NUMBER<0x10100000L || defined (LIBRESSL_VERSION_NUMBER)

  _b->num=0;
# endif
  BIO_set_data(_b,NULL);

  return _b!=NULL;
}

# if OPENSSL_VERSION_NUMBER<0x10100000L || defined (LIBRESSL_VERSION_NUMBER)

/*This is not const because OpenSSL doesn't allow it, even though it won't
   write to it.*/
static BIO_METHOD op_bio_retry_method={

   proxying https URL requests.*/
static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream,
 OpusHTTPConn *_conn,op_sock _fd,SSL *_ssl_conn,BIO *_ssl_bio){
# if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined (LIBRESSL_VERSION_NUMBER)
  BIO_METHOD *bio_retry_method;
# endif
  BIO  *retry_bio;

  ret=op_http_conn_write_fully(_conn,
   _stream->proxy_connect.buf,_stream->proxy_connect.nbuf);
  if(OP_UNLIKELY(ret<0))return ret;
# if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined (LIBRESSL_VERSION_NUMBER)
  bio_retry_method=BIO_meth_new(BIO_TYPE_NULL,"retry");
  if(bio_retry_method==NULL)return OP_EFAULT;
  BIO_meth_set_write(bio_retry_method,op_bio_retry_write);

  /*This shouldn't succeed, since we can't read yet.*/
  OP_ALWAYS_TRUE(SSL_connect(_ssl_conn)<0);
  SSL_set_bio(_ssl_conn,_ssl_bio,_ssl_bio);
# if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined (LIBRESSL_VERSION_NUMBER)
  BIO_meth_free(bio_retry_method);
# endif
  /*Only now do we disable write coalescing, to allow the CONNECT

  return NULL;
}

# if OPENSSL_VERSION_NUMBER<0x10002000L || defined (LIBRESSL_VERSION_NUMBER)
/*Match a host name against a host with a possible wildcard pattern according
   to the rules of RFC 6125 Section 6.4.3.
  Return: 0 if the pattern doesn't match, and a non-zero value if it does.*/

  SSL_set_tlsext_host_name(_ssl_conn,_stream->url.host);
# endif
  skip_certificate_check=_stream->skip_certificate_check;
# if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined (LIBRESSL_VERSION_NUMBER)
  /*As of version 1.0.2, OpenSSL can finally do hostname checks automatically.
    Of course, they make it much more complicated than it needs to be.*/
  if(!skip_certificate_check){

    /*Initialize the SSL library if necessary.*/
    if(OP_URL_IS_SSL(&_stream->url)&&_stream->ssl_ctx==NULL){
      SSL_CTX *ssl_ctx;
# if OPENSSL_VERSION_NUMBER<0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
#  if !defined(OPENSSL_NO_LOCKING)
      /*The documentation says SSL_library_init() is not reentrant.
        We don't want to add our own depenencies on a threading library, and it

Return to bug 588768

Lines 1530-1536 static long op_bio_retry_ctrl(BIO _b,int _cmd,long _num,void _ptr){ Link Here

(-)a/src/http.c (-9 / +11 lines)
1530	return ret;	1530	return ret;
1531	}	1531	}
1532		1532
1533	# if OPENSSL_VERSION_NUMBER<0x10100000L	1533	# if OPENSSL_VERSION_NUMBER<0x10100000L \|\| defined (LIBRESSL_VERSION_NUMBER)
1534	# define BIO_set_data(_b,_ptr) ((_b)->ptr=(_ptr))	1534	# define BIO_set_data(_b,_ptr) ((_b)->ptr=(_ptr))
1535	# define BIO_set_init(_b,_init) ((_b)->init=(_init))	1535	# define BIO_set_init(_b,_init) ((_b)->init=(_init))
1536	# define ASN1_STRING_get0_data ASN1_STRING_data	1536	# define ASN1_STRING_get0_data ASN1_STRING_data
Lines 1538-1544 static long op_bio_retry_ctrl(BIO _b,int _cmd,long _num,void _ptr){ Link Here
1538		1538
1539	static int op_bio_retry_new(BIO *_b){	1539	static int op_bio_retry_new(BIO *_b){
1540	BIO_set_init(_b,1);	1540	BIO_set_init(_b,1);
1541	# if OPENSSL_VERSION_NUMBER<0x10100000L	1541	# if OPENSSL_VERSION_NUMBER<0x10100000L \|\| defined (LIBRESSL_VERSION_NUMBER)
		1542
1542	_b->num=0;	1543	_b->num=0;
1543	# endif	1544	# endif
1544	BIO_set_data(_b,NULL);	1545	BIO_set_data(_b,NULL);
Lines 1549-1555 static int op_bio_retry_free(BIO *_b){ Link Here
1549	return _b!=NULL;	1550	return _b!=NULL;
1550	}	1551	}
1551		1552
1552	# if OPENSSL_VERSION_NUMBER<0x10100000L	1553	# if OPENSSL_VERSION_NUMBER<0x10100000L \|\| defined (LIBRESSL_VERSION_NUMBER)
		1554
1553	/*This is not const because OpenSSL doesn't allow it, even though it won't	1555	/*This is not const because OpenSSL doesn't allow it, even though it won't
1554	write to it.*/	1556	write to it.*/
1555	static BIO_METHOD op_bio_retry_method={	1557	static BIO_METHOD op_bio_retry_method={
Lines 1570-1576 static BIO_METHOD op_bio_retry_method={ Link Here
1570	proxying https URL requests.*/	1572	proxying https URL requests.*/
1571	static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream,	1573	static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream,
1572	OpusHTTPConn _conn,op_sock _fd,SSL _ssl_conn,BIO *_ssl_bio){	1574	OpusHTTPConn _conn,op_sock _fd,SSL _ssl_conn,BIO *_ssl_bio){
1573	# if OPENSSL_VERSION_NUMBER>=0x10100000L	1575	# if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined (LIBRESSL_VERSION_NUMBER)
1574	BIO_METHOD *bio_retry_method;	1576	BIO_METHOD *bio_retry_method;
1575	# endif	1577	# endif
1576	BIO *retry_bio;	1578	BIO *retry_bio;
Lines 1583-1589 static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream, Link Here
1583	ret=op_http_conn_write_fully(_conn,	1585	ret=op_http_conn_write_fully(_conn,
1584	_stream->proxy_connect.buf,_stream->proxy_connect.nbuf);	1586	_stream->proxy_connect.buf,_stream->proxy_connect.nbuf);
1585	if(OP_UNLIKELY(ret<0))return ret;	1587	if(OP_UNLIKELY(ret<0))return ret;
1586	# if OPENSSL_VERSION_NUMBER>=0x10100000L	1588	# if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined (LIBRESSL_VERSION_NUMBER)
1587	bio_retry_method=BIO_meth_new(BIO_TYPE_NULL,"retry");	1589	bio_retry_method=BIO_meth_new(BIO_TYPE_NULL,"retry");
1588	if(bio_retry_method==NULL)return OP_EFAULT;	1590	if(bio_retry_method==NULL)return OP_EFAULT;
1589	BIO_meth_set_write(bio_retry_method,op_bio_retry_write);	1591	BIO_meth_set_write(bio_retry_method,op_bio_retry_write);
Lines 1606-1612 static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream, Link Here
1606	/This shouldn't succeed, since we can't read yet./	1608	/This shouldn't succeed, since we can't read yet./
1607	OP_ALWAYS_TRUE(SSL_connect(_ssl_conn)<0);	1609	OP_ALWAYS_TRUE(SSL_connect(_ssl_conn)<0);
1608	SSL_set_bio(_ssl_conn,_ssl_bio,_ssl_bio);	1610	SSL_set_bio(_ssl_conn,_ssl_bio,_ssl_bio);
1609	# if OPENSSL_VERSION_NUMBER>=0x10100000L	1611	# if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined (LIBRESSL_VERSION_NUMBER)
1610	BIO_meth_free(bio_retry_method);	1612	BIO_meth_free(bio_retry_method);
1611	# endif	1613	# endif
1612	/*Only now do we disable write coalescing, to allow the CONNECT	1614	/*Only now do we disable write coalescing, to allow the CONNECT
Lines 1635-1641 static struct addrinfo op_inet_pton(const char _host){ Link Here
1635	return NULL;	1637	return NULL;
1636	}	1638	}
1637		1639
1638	# if OPENSSL_VERSION_NUMBER<0x10002000L	1640	# if OPENSSL_VERSION_NUMBER<0x10002000L \|\| defined (LIBRESSL_VERSION_NUMBER)
1639	/*Match a host name against a host with a possible wildcard pattern according	1641	/*Match a host name against a host with a possible wildcard pattern according
1640	to the rules of RFC 6125 Section 6.4.3.	1642	to the rules of RFC 6125 Section 6.4.3.
1641	Return: 0 if the pattern doesn't match, and a non-zero value if it does.*/	1643	Return: 0 if the pattern doesn't match, and a non-zero value if it does.*/
Lines 1893-1899 static int op_http_conn_start_tls(OpusHTTPStream _stream,OpusHTTPConn _conn, Link Here
1893	SSL_set_tlsext_host_name(_ssl_conn,_stream->url.host);	1895	SSL_set_tlsext_host_name(_ssl_conn,_stream->url.host);
1894	# endif	1896	# endif
1895	skip_certificate_check=_stream->skip_certificate_check;	1897	skip_certificate_check=_stream->skip_certificate_check;
1896	# if OPENSSL_VERSION_NUMBER>=0x10002000L	1898	# if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined (LIBRESSL_VERSION_NUMBER)
1897	/*As of version 1.0.2, OpenSSL can finally do hostname checks automatically.	1899	/*As of version 1.0.2, OpenSSL can finally do hostname checks automatically.
1898	Of course, they make it much more complicated than it needs to be.*/	1900	Of course, they make it much more complicated than it needs to be.*/
1899	if(!skip_certificate_check){	1901	if(!skip_certificate_check){
Lines 2314-2320 static int op_http_stream_open(OpusHTTPStream _stream,const char _url, Link Here
2314	/Initialize the SSL library if necessary./	2316	/Initialize the SSL library if necessary./
2315	if(OP_URL_IS_SSL(&_stream->url)&&_stream->ssl_ctx==NULL){	2317	if(OP_URL_IS_SSL(&_stream->url)&&_stream->ssl_ctx==NULL){
2316	SSL_CTX *ssl_ctx;	2318	SSL_CTX *ssl_ctx;
2317	# if OPENSSL_VERSION_NUMBER<0x10100000L	2319	# if OPENSSL_VERSION_NUMBER<0x10100000L \|\| defined (LIBRESSL_VERSION_NUMBER)
2318	# if !defined(OPENSSL_NO_LOCKING)	2320	# if !defined(OPENSSL_NO_LOCKING)
2319	/*The documentation says SSL_library_init() is not reentrant.	2321	/*The documentation says SSL_library_init() is not reentrant.
2320	We don't want to add our own depenencies on a threading library, and it	2322	We don't want to add our own depenencies on a threading library, and it