From 121169c1f57bf0b1130b400d9ed6431855fb2e73 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Fri, 1 Jul 2016 18:31:47 -0400
Subject: [PATCH] Set auto retry
SSL_read returns a WANT_READ after a renegotiation by default which ends up bubbling up as a weird BUG error. Tell OpenSSL to just do the read again.
---
 openssl-sys-extras/src/lib.rs | 2 ++
 openssl-sys-extras/src/openssl_shim.c | 4 ++++
 openssl-sys/src/lib.rs | 4 +++-
 openssl/src/ssl/mod.rs | 9 ++++++++-
 4 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/openssl-sys-extras/src/lib.rs b/openssl-sys-extras/src/lib.rs
index 8b13ade9e..c71ad0736 100644
--- a/openssl-sys-extras/src/lib.rs
+++ b/openssl-sys-extras/src/lib.rs
@@ -60,6 +60,8 @@ extern {
 pub fn SSL_CTX_set_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
 pub fn SSL_CTX_get_options_shim(ctx: *mut SSL_CTX) -> c_long;
 pub fn SSL_CTX_clear_options_shim(ctx: *mut SSL_CTX, options: c_long) -> c_long;
+ #[link_name = "SSL_CTX_set_mode_shim"]
+ pub fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, options: c_long) -> c_long;
 #[link_name = "SSL_CTX_add_extra_chain_cert_shim"]
 pub fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long;
 #[link_name = "SSL_CTX_set_read_ahead_shim"]
diff --git a/openssl-sys-extras/src/openssl_shim.c b/openssl-sys-extras/src/openssl_shim.c
index 11df1ca6e..db2a8786d 100644
--- a/openssl-sys-extras/src/openssl_shim.c
+++ b/openssl-sys-extras/src/openssl_shim.c
@@ -93,6 +93,10 @@ long SSL_CTX_clear_options_shim(SSL_CTX *ctx, long options) {
 return SSL_CTX_clear_options(ctx, options);
 }
+long SSL_CTX_set_mode_shim(SSL_CTX *ctx, long options) {
+ return SSL_CTX_set_mode(ctx, options);
+}
+
 long SSL_CTX_add_extra_chain_cert_shim(SSL_CTX *ctx, X509 *x509) {
 return SSL_CTX_add_extra_chain_cert(ctx, x509);
 }
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index e6a7c488d..bdcf71d43 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
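Review bot: The new binding's second parameter is named `options`, copied from the options shims above it, while the value it carries is a mode bitmask; naming it `mode` here and in the C shim in openssl_shim.c (the next hunk of this patch) keeps the FFI surface aligned with OpenSSL's own `SSL_CTX_set_mode(SSL_CTX *ctx, long mode)`. A one-line comment on the shim would also record why it exists at all: `/* SSL_CTX_set_mode is a macro over SSL_CTX_ctrl in OpenSSL, so FFI needs a real symbol */`. Neither binding documents that the return value is the updated mode bitmask rather than a status, which matters for the Rust wrapper that consumes it. The enclosing `extern` block starts and ends outside the hunk.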
@@ -270,8 +270,10 @@ pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53;
 pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54;
 pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55;
 pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14;
-
 pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41;
+
+pub const SSL_MODE_AUTO_RETRY: c_long = 4;
+
 pub const SSL_ERROR_NONE: c_int = 0;
 pub const SSL_ERROR_SSL: c_int = 1;
 pub const SSL_ERROR_SYSCALL: c_int = 5;
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index f207416f7..d0954bc72 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -566,6 +566,9 @@ impl SslContext {
 let ctx = SslContext { ctx: ctx };
+ // this is a bit dubious (?)
+ try!(ctx.set_mode(ffi::SSL_MODE_AUTO_RETRY));
+
 if method.is_dtls() {
 ctx.set_read_ahead(1);
 }
@@ -648,8 +651,12 @@ impl SslContext {
 }
 }
+ fn set_mode(&self, mode: c_long) -> Result<(), SslError> {
+ wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_mode(self.ctx, mode) as c_int })
+ }
+
 pub fn set_tmp_dh(&self, dh: DH) -> Result<(), SslError> {
- wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 })
+ wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as c_int })
 }
 /// Use the default locations of trusted certificates for verification.
-- 
GitLab
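Review bot: `SSL_MODE_AUTO_RETRY` is the only `c_long` among `c_int` neighbours and carries no note of where its value or its type comes from, so a later tidy-up could plausibly retype it to match the surrounding constants and break the `SSL_CTX_set_mode` call that takes it. A short comment pins both: `// SSL_MODE_* flags are long because SSL_CTX_set_mode takes a long; 0x00000004L in ssl.h`. The rest of the constants table is outside the hunk.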
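Review bot: The `// this is a bit dubious (?)` line ahead of `try!(ctx.set_mode(ffi::SSL_MODE_AUTO_RETRY))` hands the next reader the author's doubt and none of the reasoning the commit message already gives; replace it with the why, e.g. `// Let OpenSSL retry SSL_read/SSL_write itself after a renegotiation on a blocking transport; without this the call returns WANT_READ, which the blocking read path has no way to handle.` It is worth stating in that comment that the flag does not change what OpenSSL accepts on the wire (a renegotiation is processed either way); it only hides the interruption from the application, and only for blocking BIOs, so non-blocking callers still receive WANT_READ/WANT_WRITE and whatever turns WANT_READ into the "BUG" error mentioned in the message (not in this patch) presumably remains reachable for them. Since `set_mode` is private there is no way for a caller to clear the flag; if that is intended, say so. The enclosing constructor starts and ends outside the hunk.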
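Review bot: `set_mode` routes the return of `SSL_CTX_set_mode` through `wrap_ssl_result`, but that function returns the updated mode bitmask, not a 0/1 status; the call only reads as success because the bit just requested is always present in the result, and a requested mode of 0 would presumably be reported as an SSL error taken from an empty error queue. Since the function is private, the cleaner shape is to return the bitmask and let the caller decide, which also removes the narrowing `as c_int`: `fn set_mode(&self, mode: c_long) -> c_long { unsafe { ffi_extras::SSL_CTX_set_mode(self.ctx, mode) } }`, with the `try!` at the constructor call site dropped. Either way it needs a doc line, `/// Adds `mode` to the context's mode flags; SSL_CTX_set_mode cannot fail and returns the resulting bitmask.`. The `set_tmp_dh` cast change is the sibling consistency fix and needs nothing further.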