SSL handshake now successfully completes when a client connects with SSL enabled.

server/core/dcb.c

@@ -941,18 +941,12 @@ int dcb_read_SSL(
                         /** Handle closed client socket */
                         if (dcb_isclient(dcb))
                         {
-                                char c;
-                                int l_errno = 0;
+                                char c = 0;
                                 int r = -1;
 
                                 /* try to read 1 byte, without consuming the socket buffer */
-                                r = recv(dcb->fd, &c, sizeof(char), MSG_PEEK);
-                                l_errno = errno;
-
-                                if (r <= 0 &&
-                                        l_errno != EAGAIN &&
-                                        l_errno != EWOULDBLOCK &&
-					l_errno != 0)
+                                r = SSL_peek(ssl, &c, sizeof(char));
+                                if (r <= 0)
                                 {
                                         n = -1;
                                         goto return_n;
@@ -989,13 +983,15 @@ int dcb_read_SSL(
                         n = -1;
                         goto return_n;
                 }
-                GW_NOINTR_CALL(n = SSL_read(ssl, GWBUF_DATA(buffer), bufsize);
-                dcb->stats.n_reads++);
+                n = SSL_read(ssl, GWBUF_DATA(buffer), bufsize);
+                dcb->stats.n_reads++;
 
+		int ssl_errno = 0;
                 if (n <= 0)
                 {
-		    int ssl_errno = ERR_get_error();
-		    if(ssl_errno != SSL_ERROR_WANT_READ)
+		    ssl_errno = ERR_get_error();
+
+		    if(ssl_errno != SSL_ERROR_WANT_READ && ssl_errno != SSL_ERROR_NONE)
 		    {
 		    LOGIF(LE, (skygw_log_write_flush(
 			    LOGFILE_ERROR,
@@ -1023,6 +1019,8 @@ int dcb_read_SSL(
                         dcb->fd)));
                 /*< Append read data to the gwbuf */
                 *head = gwbuf_append(*head, buffer);
+		if(ssl_errno == SSL_ERROR_WANT_READ || ssl_errno == SSL_ERROR_NONE)
+		    break;
         } /*< while (true) */
 return_n:
         return n;

server/core/gateway.c

@@ -196,7 +196,9 @@ static bool resolve_maxscale_conf_fname(
 
 static char* check_dir_access(char* dirname,bool,bool);
 static int set_user();
-
+static void maxscale_ssl_lock(int mode,int n,const char* file, int line);
+static unsigned long maxscale_ssl_id();
+static SPINLOCK* ssl_locks;
 /**
  * Handler for SIGHUP signal. Reload the configuration for the
  * gateway.
@@ -1370,7 +1372,23 @@ int main(int argc, char **argv)
                 rc = MAXSCALE_INTERNALERROR;
                 goto return_main;
         }
+	
+	/** OpenSSL initialization */
 
+	SSL_library_init();
+	SSL_load_error_strings();
+	int n_locks = CRYPTO_num_locks();
+	if((ssl_locks = malloc(n_locks*sizeof(SPINLOCK))) == NULL)
+	{
+	    rc = MAXSCALE_INTERNALERROR;
+	    goto return_main;
+	}
+
+	for(i = 0;i<n_locks;i++)
+	    spinlock_init(&ssl_locks[i]);
+
+	CRYPTO_set_locking_callback(maxscale_ssl_lock);
+	CRYPTO_set_id_callback(maxscale_ssl_id);
 	/* register exit function for embedded MySQL library */
         l = atexit(libmysqld_done);
 
@@ -2002,3 +2020,20 @@ static int set_user(char* user)
 
     return rval;
 }
+
+static void maxscale_ssl_lock(int mode,int n,const char* file, int line)
+{
+    if(mode & CRYPTO_LOCK)
+    {
+	spinlock_acquire(&ssl_locks[n]);
+    }
+    else
+    {
+	spinlock_release(&ssl_locks[n]);
+    }
+}
+
+static unsigned long maxscale_ssl_id()
+{
+    return (unsigned long)pthread_self();
+}

server/core/service.c

@@ -1843,7 +1843,7 @@ int serviceInitSSL(SERVICE* service)
 	SSL_CTX_set_verify(service->ctx,SSL_VERIFY_PEER,NULL);
 
 	/* Set the verification depth to 1 */
-	SSL_CTX_set_verify_depth(service->ctx,10);
+	SSL_CTX_set_verify_depth(service->ctx,1);
 	service->ssl_init_done = true;
     }
     return 0;