tls: change SSL_has_pending to avoid BIO check error

[vpp.git] / src / plugins / tlsopenssl / tls_openssl.c

diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 589d76d..eeeb749 100644 (file)
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -43,7 +43,7 @@ openssl_ctx_alloc (void)
 
   clib_memset (*ctx, 0, sizeof (openssl_ctx_t));
   (*ctx)->ctx.c_thread_index = thread_index;
-  (*ctx)->ctx.tls_ctx_engine = TLS_ENGINE_OPENSSL;
+  (*ctx)->ctx.tls_ctx_engine = CRYPTO_ENGINE_OPENSSL;
   (*ctx)->ctx.app_session_handle = SESSION_INVALID_HANDLE;
   (*ctx)->openssl_ctx_index = ctx - tm->ctx_pool[thread_index];
   return ((*ctx)->openssl_ctx_index);
@@ -479,7 +479,7 @@ check_app_fifo:
       return wrote;
     }
   svm_fifo_enqueue_nocopy (f, read);
-  if (read < enq_max && BIO_ctrl_pending (oc->wbio) > 0)
+  if (read < enq_max && SSL_pending (oc->ssl) > 0)
     {
       deq_now = clib_min (svm_fifo_max_write_chunk (f), enq_max - read);
       read = SSL_read (oc->ssl, svm_fifo_tail (f), deq_now);
@@ -488,7 +488,7 @@ check_app_fifo:
     }
 
   tls_notify_app_enqueue (ctx, app_session);
-  if (BIO_ctrl_pending (oc->wbio) > 0)
+  if (SSL_pending (oc->ssl) > 0)
     tls_add_vpp_q_builtin_rx_evt (tls_session);
 
   return wrote;
@@ -592,7 +592,6 @@ openssl_ctx_init_client (tls_ctx_t * ctx)
 static int
 openssl_start_listen (tls_ctx_t * lctx)
 {
-  application_t *app;
   const SSL_METHOD *method;
   SSL_CTX *ssl_ctx;
   int rv;
@@ -601,17 +600,16 @@ openssl_start_listen (tls_ctx_t * lctx)
   EVP_PKEY *pkey;
   u32 olc_index;
   openssl_listen_ctx_t *olc;
-  app_worker_t *app_wrk;
+  app_cert_key_pair_t *ckpair;
 
   long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
   openssl_main_t *om = &openssl_main;
 
-  app_wrk = app_worker_get (lctx->parent_app_wrk_index);
-  if (!app_wrk)
+  ckpair = app_cert_key_pair_get_if_valid (lctx->ckpair_index);
+  if (!ckpair)
     return -1;
 
-  app = application_get (app_wrk->app_index);
-  if (!app->tls_cert || !app->tls_key)
+  if (!ckpair->cert || !ckpair->key)
     {
       TLS_DBG (1, "tls cert and/or key not configured %d",
               lctx->parent_app_wrk_index);
@@ -646,7 +644,7 @@ openssl_start_listen (tls_ctx_t * lctx)
    * Set the key and cert
    */
   cert_bio = BIO_new (BIO_s_mem ());
-  BIO_write (cert_bio, app->tls_cert, vec_len (app->tls_cert));
+  BIO_write (cert_bio, ckpair->cert, vec_len (ckpair->cert));
   srvcert = PEM_read_bio_X509 (cert_bio, NULL, NULL, NULL);
   if (!srvcert)
     {
@@ -657,7 +655,7 @@ openssl_start_listen (tls_ctx_t * lctx)
   BIO_free (cert_bio);
 
   cert_bio = BIO_new (BIO_s_mem ());
-  BIO_write (cert_bio, app->tls_key, vec_len (app->tls_key));
+  BIO_write (cert_bio, ckpair->key, vec_len (ckpair->key));
   pkey = PEM_read_bio_PrivateKey (cert_bio, NULL, NULL, NULL);
   if (!pkey)
     {
@@ -894,7 +892,7 @@ tls_openssl_init (vlib_main_t * vm)
 
   vec_validate (om->ctx_pool, num_threads - 1);
 
-  tls_register_engine (&openssl_engine, TLS_ENGINE_OPENSSL);
+  tls_register_engine (&openssl_engine, CRYPTO_ENGINE_OPENSSL);
 
   om->engine_init = 0;