Call BIO_set_nbio() for SSL BIO at startup

Oops, this was still in CSTP code where we *used* to make the socket
non-blocking, and now it should be like that from the beginning.

It's not entirely clear what difference it makes; all my testing of the
non-blocking code through authentication and CSTP connection was working
fine in non-blocking mode without it, when all I'd done was set O_NONBLOCK
on the socket.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

diff --git a/cstp.c b/cstp.c
index 0410f67..86c2e4f 100644 (file)
--- a/cstp.c
+++ b/cstp.c
@@ -359,9 +359,6 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
        vpn_progress(vpninfo, PRG_INFO, _("CSTP connected. DPD %d, Keepalive %d\n"),
                     vpninfo->ssl_times.dpd, vpninfo->ssl_times.keepalive);
 
-       BIO_set_nbio(SSL_get_rbio(vpninfo->https_ssl), 1);
-       BIO_set_nbio(SSL_get_wbio(vpninfo->https_ssl), 1);
-
        if (vpninfo->select_nfds <= vpninfo->ssl_fd)
                vpninfo->select_nfds = vpninfo->ssl_fd + 1;
 

diff --git a/ssl.c b/ssl.c
index eae90aa..8c29041 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -1229,6 +1229,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
        workaround_openssl_certchain_bug(vpninfo, https_ssl);
 
        https_bio = BIO_new_socket(ssl_sock, BIO_NOCLOSE);
+       BIO_set_nbio(https_bio, 1);
        SSL_set_bio(https_ssl, https_bio, https_bio);
 
        vpn_progress(vpninfo, PRG_INFO, _("SSL negotiation with %s\n"),