Use the following for openssl 1.1+:
- X509_getm_notBefore over X509_get_notBefore
- X509_getm_notAfter over X509_get_notAfter
- use OPENSSL_VERSION_NUMBER over SSLeay()
- add missing headers
Refs: openssl/openssl@0b7347effe
(cherry picked from commit 08981f8d752ad23e21887b42944783e843b2e281)
There can be tricky cases (that can be reproduced by reducing
SO_RCVBUF/SO_SNDBUF to 6144, on linux, and be aware, since linux doubles
this const), when there is still write event pending, although we read
enough.
This should be fixed in a more sophisticated way, but to backport the
patch, let's simply break the loop manually.
The ssl/bufferevent_wm originally failed on solaris.
(cherry picked from commit ae9b285d2d7c9b898049072c157d50769d8014ea)
windows has intptr_t instead of regular int.
Also tt_fd_op() had been introduced, since we cannot use tt_int_op() for
comparing fd, since it is not always int.
(cherry picked from commit b29207dceee33832bb28ab103a833df6a2fd29d3)
Even after referenced patch there is still possible recursive callbacks
from evbuffer_drain(bev_input), i.e.:
wm_transfer() -> evbuffer_drain() -> wm_transfer()
inc(ctx->get)
But if we will increment ctx->get before drain that we will not add more
data to buffer.
Refs: 54c6fe3c ("regress_ssl: make ssl/bufferevent_wm_filter more fault-tolerance")
CI: https://ci.appveyor.com/project/nmathewson/libevent/build/job/f0rv299i71wnuxdq#L2546
(cherry picked from commit 1fc1c7ef1dabbbb358b99b893712bccc5761f82d)
Due to inplace callbacks (i.e. no BEV_OPT_DEFER_CALLBACKS) we cannot be
sure that wm_transfer() will not be called recursively and indeed it
still happens sometimes, and the referenced patch increase amount of
this times, especially for linux/poll.
Fixes: 66304a23cf748714159c988e78f35401c5352827 ("Fix
ssl/bufferevent_wm_filter when bev does not reach watermark on break")
(cherry picked from commit 54c6fe3c06cb5342130467ecf0f78e3f6d854a36)
* ssl_bufferevent_wm_filter-fix:
Fix ssl/bufferevent_wm_filter when bev does not reach watermark on break
regress_ssl: cover watermarks with deferred callbacks
regress_ssl: improve bufferevent_wm/bufferevent_wm_filter logging
(cherry picked from commit 9d93fbe77968da5ca5b2dbe8973e6f3c3045c5ba)
One tricky bit is reply to the BIO_C_GET_FD command, since otherwise it
will try to close(0) and accepted bev in ssl/bufferevent_connect_sleep
will leak. Other seems more or less trivial.
This was done to make sure that for at least generic cases does not
leak (tricky cases was listed here nmathewson/Libevent#83).
And this will allow run ssl/.. with --no-fork
(cherry picked from commit 9fe952a0aea25474de3dbc30350b1ffa5abcd65a)
* be-wm-overrun-v2:
Fix hangs due to watermarks overruns in bufferevents implementations
test: cover watermarks (with some corner cases) in ssl bufferevent
Fixes: #690
(cherry picked from commit 878bb2d3b9484b27594308da1d0d6a7c9bdf6647)
LibreSSL 2.7 implements OpenSSL 1.1 API except for BIO_get_init()
See also: https://bugs.freebsd.org/226900
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
Closes: #617 (cherry-pick)
(cherry picked from commit 28b8075400c70b2d2da2ce07e590c2ec6d11783d)
Before it depends from the caller #include appropriate headers (at least
for OPENSSL_VERSION_NUMBER), but let's make it independent.
Fixes: #574
(cherry picked from commit c2c08e0203da93938fe35234fa3a1be4d1c3c2e1)
Right now it fails because of regression for filtered openssl
bufferevent, and by it I mean ssl/bufferevent_filter_write_after_connect
test, and by fails - hang.
Regression-for: da52933550fd4736aa1c213b6de497e2ffc31e34 ("be_openssl:
don't call do_write() directly from outbuf_cb")
So firstly include our header (config.h) -- <evconfig-private.h>, and
only after it <sys/types.h> since latest has #ifdef guard, while our
config.h is not inteded for this.
And besides all this thing with LARGE_FILE is a abit awkward, since we
don't nefine _LP64/_LP32 anyway, and so we have next error actually (64bit VS
32bit):
==> solaris: In file included from ./util-internal.h:30:0,
==> solaris: from test/regress_ssl.c:49:
==> solaris: ./evconfig-private.h:29:0: warning: "_FILE_OFFSET_BITS" redefined
==> solaris: #define _FILE_OFFSET_BITS 64
==> solaris: ^
==> solaris: In file included from /usr/include/sys/types.h:17:0,
==> solaris: from test/regress_ssl.c:38:
==> solaris: /opt/csw/lib/gcc/i386-pc-solaris2.10/5.2.0/include-fixed/sys/feature_tests.h:196:0: note: this is the location of the previous definition
==> solaris: #define _FILE_OFFSET_BITS 32
==> solaris: ^
For cmake it commented in: 8b228e27f57300be61b57a41a2ec8666b726dc34
("Lot's of cmake updates")
This covers SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE error codes from ssl,
under which we must block read/write to avoid busy looping, and hence extra CPU
usage.
This test introduces custom BIO that will count read/write and validates
counters, with patches for be_openssl that drops handling
SSL/SSL_ERROR_WANT_READ there are more then 43K reads, so 100 is pretty ok.
In this case client can't connect to server, and this bring to the front some
bugs with assigning on already added events (because of ```fd_is_set``` stuff),
for more info see #258, since this is the reproducible for it.
There's a bug in openssl 1.0.1 where TLS1.1 and TLS1.2 can't
renegotiate with themselves. When testing renegotiation with OpenSSL
>=1.0.1 and <1.0.1d, disable those protocols.
