@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 1997-2000 Matt Newman
 * Copyright (C) 2000 Ajuba Solutions
 *
- * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsIO.c,v 1.15 2004/06/29 11:07:08 patthoyts Exp $
+ * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsIO.c,v 1.16 2007/06/22 21:20:38 hobbs2 Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built from scratch based upon observation of OpenSSL 0.9.2B
@@ -333,10 +333,16 @@
 int bytesRead; /* How many bytes were read? */
 *errorCodePtr = 0;
 dprintf(stderr,"\nBIO_read(%d)", bufSize);
+
+ if (statePtr->flags & TLS_TCL_CALLBACK) {
+ /* don't process any bytes while verify callback is running */
+ bytesRead = 0;
+ goto input;
+ }
 if (!SSL_is_init_finished(statePtr->ssl)) {
 bytesRead = Tls_WaitForConnect(statePtr, errorCodePtr);
 if (bytesRead <= 0) {
 goto input;
@@ -411,10 +417,17 @@
 int written, err;
 *errorCodePtr = 0;
 dprintf(stderr,"\nBIO_write(0x%x, %d)", (unsigned int) statePtr, toWrite);
+
+ if (statePtr->flags & TLS_TCL_CALLBACK) {
+ /* don't process any bytes while verify callback is running */
+ written = -1;
+ *errorCodePtr = EAGAIN;
+ goto output;
+ }
 if (!SSL_is_init_finished(statePtr->ssl)) {
 written = Tls_WaitForConnect(statePtr, errorCodePtr);
 if (written <= 0) {
 goto output;
@@ -579,10 +592,16 @@
 * combination of TCL_READABLE,
 * TCL_WRITABLE and TCL_EXCEPTION. */
 {
 State *statePtr = (State *) instanceData;
+ dprintf(stderr, "TlsWatchProc(0x%x)\n", mask);
+
+ /* Pretend to be dead as long as the verify callback is running.
+ * Otherwise that callback could be invoked recursively. */
+ if (statePtr->flags & TLS_TCL_CALLBACK) { return; }
+
 if (channelTypeVersion == TLS_CHANNEL_VERSION_2) {
 Tcl_Channel downChan;
 statePtr->watchMask = mask;
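Review bot: In the TlsInputProc hunk, `bytesRead = 0;` with `*errorCodePtr` still 0 reports end-of-file rather than a transient condition; as far as I know Tcl's generic channel layer treats a zero-byte read with no error code as EOF, so a read or fileevent that lands in the window while the verify callback runs may be told the connection has closed. The write path in the following hunk signals the very same state as would-block with `written = -1;` and `*errorCodePtr = EAGAIN;`, and the input path should probably mirror it: `bytesRead = -1;` followed by `*errorCodePtr = EAGAIN;` before the `goto input;`. Whether the code at the `input:` label copes with a -1/EAGAIN pair from this new early exit is not visible here. TlsInputProc starts before the hunk and continues past it.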
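Review bot: The comment on the new TlsOutputProc guard says what is skipped but not why EAGAIN is the right answer, which matters because a reader will otherwise wonder why a write on an open channel fails. Suggest extending it to `/* verify callback is running: report would-block so the channel layer retries later instead of re-entering the TLS layer from inside its own callback (see TlsWatchProc) */`, which ties it to the rationale given in the TlsWatchProc hunk. TlsOutputProc starts before the hunk and continues past it.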
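Review bot: The early `return` in TlsWatchProc drops the `mask` Tcl handed in: `statePtr->watchMask = mask;` later in the hunk never runs, so unless the code that clears TLS_TCL_CALLBACK re-invokes the watch proc (not visible in this diff), a fileevent registered or changed while the verify callback runs may stay unarmed afterwards. If the completion path does re-arm it, say so next to the check, e.g. `/* The requested mask is discarded here; the code clearing TLS_TCL_CALLBACK must re-run the watch logic. */`; if it does not, the interest needs to be recorded before returning. Separately, the one-line `if (statePtr->flags & TLS_TCL_CALLBACK) { return; }` departs from the brace style used elsewhere in this file, where the body follows on its own line. TlsWatchProc continues past the hunk.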