Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add WOLFSSL_FORCE_AUTO_RETRY option: force retrying of network reads #4599

Merged
merged 1 commit into from
Dec 16, 2021
Merged

Add WOLFSSL_FORCE_AUTO_RETRY option: force retrying of network reads #4599

merged 1 commit into from
Dec 16, 2021

Conversation

julek-wolfssl
Copy link
Member

Addresses issue #4593

@julek-wolfssl julek-wolfssl self-assigned this Nov 23, 2021
@julek-wolfssl julek-wolfssl mentioned this pull request Nov 23, 2021
Closed
@julek-wolfssl julek-wolfssl assigned dgarske and unassigned ejohnstown Nov 29, 2021
dgarske
dgarske requested changes Nov 30, 2021
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a specific open source project this fix is being made for?

src/internal.c Outdated
@@ -65,6 +65,12 @@
* may be received by a client. To support detecting this, peek will
* return WOLFSSL_ERROR_WANT_READ.
* This define turns off this behaviour.
* WOLFSSL_FORCE_AUTO_RETRY
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So defining this macro forces the network reads to behave as blocking? Is there a reason not to implement runtime support using the SSL_MODE_AUTO_RETRY option? Also can you check review the code comment at ssl.h:2136 for SSL_MODE_AUTO_RETRY? It seems wrong.

SSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to block with blocking io and auto retry */

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wanted to keep this PR minimum but if you would prefer a runtime solution, I can add the necessary API to make that work. Still, I don't think that this is a good default for wolfSSL. If you want me to implement a runtime solution, I'll make the SSL_MODE_AUTO_RETRY option on by default only with OPENSSL_COMPATIBLE_DEFAULTS.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll update the SSL_MODE_AUTO_RETRY comment to match the real behaviour.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment fixed.

src/internal.c Outdated
@@ -65,6 +65,12 @@
* may be received by a client. To support detecting this, peek will
* return WOLFSSL_ERROR_WANT_READ.
* This define turns off this behaviour.
* WOLFSSL_FORCE_AUTO_RETRY
* This will force wolfSSL to always retry to read when it receives a
Copy link
Contributor

@dgarske dgarske Nov 30, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This option will force a wolfSSL read to behave as blocking.

@dgarske dgarske assigned julek-wolfssl and unassigned dgarske Nov 30, 2021
@dgarske dgarske self-requested a review December 8, 2021 15:25
@julek-wolfssl
Copy link
Member Author

@dgarske This is being made in response to an issue: #4593. In another issue this user is asking in relation to the fetchmail project so I would guess this issue comes from work on the same project.

@mandree
Copy link

mandree commented Dec 8, 2021
edited
Loading

@dgarske This is being made in response to an issue: #4593. In another issue this user is asking in relation to the fetchmail project so I would guess this issue comes from work on the same project.

True, but fetchmail no longer requires it after recent updates to its TLS code. To be specific for people who find this thread:

  • fetchmail's abfc13c fixes the non-blocking behavior (needed for OpenSSL 1.0.2, too, according to its documentation, although never occurred in practice)
  • fetchmail's 8128bea fixes up the old code to work with OpenSSL 1.0.2/1.1.1/3.0 and wolfSSL 5.0.0's OpenSSL compat APIs.

@julek-wolfssl
Copy link
Member Author

I changed this to set SSL_MODE_AUTO_RETRY with OPENSSL_COMPATIBLE_DEFAULTS and added wolfSSL_CTX_clear_mode to allow for clearing this option.

@dgarske dgarske merged commit 424bd2d into wolfSSL:master Dec 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgarske dgarske dgarske approved these changes

@ejohnstown ejohnstown Awaiting requested review from ejohnstown

Assignees

@dgarske dgarske

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@julek-wolfssl @mandree @dgarske @ejohnstown