From f7415644a66ca9d04e5e06312a163e677032b695 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 10 Sep 2015 10:14:21 +0000
Subject: Split tls_handshake() out from tls_accept/tls_connect. By doing this the tls_accept/tls_connect functions can be guaranteed to succeed or fail and will no longer return TLS_READ_AGAIN/TLS_WRITE_AGAIN. This also resolves the semantics of tls_accept_*. The tls_handshake() function now does I/O and can return TLS_READ_AGAIN/TLS_WRITE_AGAIN. Calls to tls_read() and tls_write() will trigger the handshake if it has not already completed, meaning that in many cases existing code will continue to work. Discussed over many coffees at l2k15. ok beck@ bluhm@
---
 src/lib/libtls/tls.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/lib/libtls/tls.h')
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 579a97798e..8548fe1d83 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.15 2015/09/10 09:10:42 jsing Exp $ */
+/* $OpenBSD: tls.h,v 1.16 2015/09/10 10:14:20 jsing Exp $ */
 /* * Copyright (c) 2014 Joel Sing *
@@ -94,6 +94,7 @@ int tls_connect_fds(struct tls *_ctx, int _fd_read, int _fd_write,
 int tls_connect_servername(struct tls *_ctx, const char *_host, const char *_port, const char *_servername);
 int tls_connect_socket(struct tls *_ctx, int _s, const char *_servername);
+int tls_handshake(struct tls *_ctx);
 int tls_read(struct tls *_ctx, void *_buf, size_t _buflen, size_t *_outlen);
 int tls_write(struct tls *_ctx, const void *_buf, size_t _buflen, size_t *_outlen);
--
cgit v1.2.3-55-g6feb
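Review bot: The new `tls_handshake()` prototype in the second hunk is added without any comment on its return contract, even though the commit description says it now does the handshake I/O and can return `TLS_READ_AGAIN`/`TLS_WRITE_AGAIN`. Because `tls_connect*`/`tls_accept*` succeeding no longer implies a completed handshake, a caller that treated that success as "peer verified" needs pointing at this function. Presumably peer verification only takes effect once the handshake has finished; confirm against tls.c, which is outside this diff. I would add above the declaration: `/* Drive the handshake; retry while it returns TLS_READ_AGAIN or TLS_WRITE_AGAIN. */`. The neighbouring prototypes carry no comments in the visible lines, so the manual page may be the intended place for this instead.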