From f6a1bb920eebdba0d4a6c295c4d054307b49b2b1 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 29 Dec 2018 18:41:48 +0000 Subject: [PATCH] OpenSSSL: support write-with-more-intent in client --- src/src/tls-openssl.c | 10 ++++++---- test/confs/4060 | 2 ++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 4566baa36..8f888824f 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -2898,6 +2898,7 @@ Used by both server-side and client-side TLS. int tls_write(void * ct_ctx, const uschar *buff, size_t len, BOOL more) { +size_t olen = len; int outbytes, error; SSL * ssl = ct_ctx ? ((exim_openssl_client_tls_ctx *)ct_ctx)->ssl : server_ssl; static gstring * corked = NULL; @@ -2909,10 +2910,11 @@ DEBUG(D_tls) debug_printf("%s(%p, %lu%s)\n", __FUNCTION__, "more" is notified. This hack is only ok if small amounts are involved AND only one stream does it, in one context (i.e. no store reset). Currently it is used for the responses to the received SMTP MAIL , RCPT, DATA sequence, only. */ -/*XXX + if PIPE_COMMAND, banner & ehlo-resp for smmtp-on-connect. Suspect there's -a store reset there. */ +/* + if PIPE_COMMAND, banner & ehlo-resp for smmtp-on-connect. Suspect there's +a store reset there, so use POOL_PERM. */ +/* + if CHUNKING, cmds EHLO,MAIL,RCPT(s),BDAT */ -if (!ct_ctx && (more || corked)) +if ((more || corked)) { #ifdef EXPERIMENTAL_PIPE_CONNECT int save_pool = store_pool; @@ -2965,7 +2967,7 @@ for (int left = len; left > 0;) return -1; } } -return len; +return olen; } diff --git a/test/confs/4060 b/test/confs/4060 index 935d49fe1..a87c3d6b2 100644 --- a/test/confs/4060 +++ b/test/confs/4060 
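Review bot: Dropping `!ct_ctx` from `if ((more || corked))` lets every TLS stream in the process append to the single function-static `corked` buffer, although the comment directly above still says the hack is only acceptable when one stream uses it. If a write with `more` set on one connection is followed by a write on a different one (the server stream and a client connection, or two client connections), the pending bytes would be flushed on the wrong SSL session; whether any caller interleaves like that is not visible in this hunk. I would keep the pending buffer per connection (for a client, in the `exim_openssl_client_tls_ctx` object) or remember which `ssl` the corked data belongs to and refuse a mismatch, and at minimum add `/* corked is shared by all TLS streams in this process; "more" writes must not interleave across connections */`. The `POOL_PERM` switch the new comment relies on is compiled only under `EXPERIMENTAL_PIPE_CONNECT`, so without that option the buffer still lives in whatever pool is current and remains exposed to a store reset. The block continues past the end of the hunk.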
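Review bot: `return olen;` passes a `size_t` back through the function's `int` return type, and the loop named in the hunk header does the same with `int left = len`, so a length above INT_MAX would be truncated or turn negative and could be misread by a caller that tests for -1 or compares the result with the requested length. The same applies to `size_t olen = len;` in the first hunk. A guard near the top such as `if (len > INT_MAX) return -1;`, or an explicit `return (int)olen;` with a comment stating the bound, would make the contract visible. The function's header comment, which is outside these hunks, should also say that the value returned is the caller's `len` and not the size of the corked data that was flushed.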
@@ -25,6 +25,8 @@ tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} # Avoid ECDHE key-exchange so that we can wireshark-decode .ifdef _HAVE_GNUTLS tls_require_ciphers = NORMAL:-KX-ALL:+RSA +.else +tls_require_ciphers = DEFAULT:!kECDHE .endif pipelining_connect_advertise_hosts = * -- 2.30.2
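Review bot: `DEFAULT:!kECDHE` removes only the ECDHE key exchange, so an OpenSSL build may still negotiate a finite-field DHE suite, which is equally forward-secret and would defeat the stated aim of decoding the capture in wireshark; the GnuTLS line restricts the key exchange to RSA with `-KX-ALL:+RSA`. If the intent is the same, `tls_require_ciphers = DEFAULT:!kECDHE:!kDHE` would be the closer equivalent. An OpenSSL cipher list also does not govern TLS 1.3 suites, so the test presumably depends on the connection staying at TLS 1.2 or below, which is not visible in this hunk. A one-line comment saying this non-forward-secret setting is for the test suite only would keep it from being copied into a production configuration.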