[release/4.x] Cherry pick: Fix bug in TLS context - allow incoming wr…
…ite buffer to be relocated (#5482) (#5485)
CCF [bot] authored Jul 31, 2023
1 parent 0e406e4 commit 2866a8f
Showing 2 changed files with 10 additions and 2 deletions.
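--- a/src/enclave/tls_session.h
+++ b/src/enclave/tls_session.h
@@ -416,8 +416,7 @@ namespace ccf
 }
 else
 {
-LOG_TRACE_FMT(
-"TLS {} on flush: {}", session_id, tls::error_string(r));
+LOG_TRACE_FMT("TLS session {} error on flush: {}", session_id, -r);
 stop(error);
 }
 }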
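--- a/src/tls/context.h
+++ b/src/tls/context.h
@@ -60,6 +60,15 @@ namespace tls
 SSL_CTX_set1_curves_list(cfg, "P-521:P-384:P-256");
 SSL_set1_curves_list(ssl, "P-521:P-384:P-256");
 
+// Allow buffer to be relocated between WANT_WRITE retries, and do partial
+// writes if possible
+SSL_CTX_set_mode(
+cfg,
+SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);
+SSL_set_mode(
+ssl,
+SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);
+
 // Initialise connection
 if (client)
 SSL_set_connect_state(ssl);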
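Review bot: The added comment on the `SSL_CTX_set_mode` / `SSL_set_mode` calls does not state the contract that `SSL_MODE_ENABLE_PARTIAL_WRITE` places on callers. With that mode set, `SSL_write` can report success after sending only part of the buffer, so any write path that treats a positive return as "everything sent" would silently drop the tail of a TLS record stream. The write callers are not visible in this hunk, so this is a check to make rather than a confirmed defect, and the enclosing function starts and ends outside the hunk. `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` relaxes only the buffer address on a WANT_WRITE retry; the bytes offered must still be the same. I would extend the comment with something like `// Callers must handle short writes (resend only the unsent remainder) and, on WANT_WRITE, retry with identical contents even if the buffer has moved.`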
