On 12/07/17 19:43, Roelof Du Toit wrote: > This seems to be a bug in how s_time handles the TLS 1.3 post-handshake > NewSessionTicket message; more specifically: not handling the retry when > SSL_read() returns -1. > > > > The following diff (in tls1.3-draft-19 branch) appears to resolve the issue: Probably you should use SSL_get_error() rather than BIO_should_retry(). The former is a little more complete (checks some conditions that BIO_should_retry() does not). Could you submit this as a github PR? Matt > > > > $ git diff > > diff --git a/apps/s_time.c b/apps/s_time.c > > index 998ef72..caa1b22 100644 > > --- a/apps/s_time.c > > +++ b/apps/s_time.c > > @@ -234,8 +234,8 @@ int s_time_main(int argc, char **argv) > > fmt_http_get_cmd, www_path); > > if (SSL_write(scon, buf, buf_len) <= 0) > > goto end; > > - while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) > > - bytes_read += i; > > + while ((i = SSL_read(scon, buf, sizeof(buf))) > 0 || > BIO_should_retry(SSL_get_rbio(scon))) > > + if (i > 0) bytes_read += i; > > } > > > > > > --Roelof > > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
