From da41725e5b5175e37eeb80a971ec58d496c0195f Mon Sep 17 00:00:00 2001
From: Gunnar Beutner
Date: Tue, 5 Aug 2014 08:40:06 +0200
Subject: [PATCH] Partially revert 3f647bb7797b3e71405c59eb280a4be74305c6b2
refs #6724
---
 lib/base/tlsstream.cpp | 33 ++++++++++++++++++++++-----------
 lib/base/tlsstream.hpp | 1 +
 2 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/lib/base/tlsstream.cpp b/lib/base/tlsstream.cpp
index a01f15f13..a7ab8f3b8 100644
--- a/lib/base/tlsstream.cpp
+++ b/lib/base/tlsstream.cpp
@@ -76,6 +76,7 @@ TlsStream::TlsStream(const Socket::Ptr& socket, ConnectionRole role, const share
 */
 shared_ptr TlsStream::GetClientCertificate(void) const
 {
+ boost::mutex::scoped_lock lock(m_SSLLock);
 return shared_ptr(SSL_get_certificate(m_SSL.get()), &Utility::NullDeleter);
 }
@@ -86,6 +87,7 @@ shared_ptr TlsStream::GetClientCertificate(void) const
 */
 shared_ptr TlsStream::GetPeerCertificate(void) const
 {
+ boost::mutex::scoped_lock lock(m_SSLLock);
 return shared_ptr(SSL_get_peer_certificate(m_SSL.get()), X509_free);
 }
@@ -94,12 +96,15 @@ void TlsStream::Handshake(void)
 for (;;) {
 int rc, err;
- rc = SSL_do_handshake(m_SSL.get());
+ {
+ boost::mutex::scoped_lock lock(m_SSLLock);
+ rc = SSL_do_handshake(m_SSL.get());
- if (rc > 0)
- break;
+ if (rc > 0)
+ break;
- err = SSL_get_error(m_SSL.get(), rc);
+ err = SSL_get_error(m_SSL.get(), rc);
+ }
 switch (err) {
 case SSL_ERROR_WANT_READ:
@@ -137,10 +142,13 @@ size_t TlsStream::Read(void *buffer, size_t count)
 while (left > 0) {
 int rc, err;
- rc = SSL_read(m_SSL.get(), ((char *)buffer) + (count - left), left);
+ {
+ boost::mutex::scoped_lock lock(m_SSLLock);
+ rc = SSL_read(m_SSL.get(), ((char *)buffer) + (count - left), left);
- if (rc <= 0)
- err = SSL_get_error(m_SSL.get(), rc);
+ if (rc <= 0)
+ err = SSL_get_error(m_SSL.get(), rc);
+ }
 if (rc <= 0) {
 switch (err) {
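Review bot: In GetClientCertificate the new lock covers only the SSL_get_certificate() lookup, while the returned shared_ptr is built with `&Utility::NullDeleter` and so, going by that deleter's name, does not own the X509 object. OpenSSL keeps ownership of that certificate inside the SSL object, so the pointer stays valid only while this stream's m_SSL is alive, and the mutex does nothing for a caller that holds it longer. The doc comment above the function should say so, for example `The returned certificate is borrowed from m_SSL and must not be used after this TlsStream is destroyed.` That comment block begins outside the hunk.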
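Review bot: In Handshake, m_SSLLock is now held for the whole of SSL_do_handshake(), which is safe only if the underlying socket never blocks inside OpenSSL. The SSL_ERROR_WANT_READ case that follows suggests non-blocking I/O, but the socket setup is not visible in this patch. On a blocking socket a stalled peer would keep the mutex held and stop every other thread that calls Read, Write or the certificate getters. A comment on the locked scope would record the assumption: `/* m_SSLLock is never held across a wait; the socket is expected to be non-blocking */`. The same applies to the locked scopes added in Read and Write.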
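Review bot: In Read, `left` is a size_t but SSL_read() takes an int length, so a `count` above INT_MAX is narrowed implicitly at the call inside the new locked scope. The Write hunk passes `left` to SSL_write() the same way. Clamping the request makes the conversion explicit: `int chunk = static_cast<int>(std::min<size_t>(left, INT_MAX));`, then pass `chunk` instead of `left`. Both loops continue outside their hunks, so how `left` is reduced after a successful call cannot be confirmed from here.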
@@ -181,10 +189,13 @@ void TlsStream::Write(const void *buffer, size_t count)
 while (left > 0) {
 int rc, err;
- rc = SSL_write(m_SSL.get(), ((const char *)buffer) + (count - left), left);
+ {
+ boost::mutex::scoped_lock lock(m_SSLLock);
+ rc = SSL_write(m_SSL.get(), ((const char *)buffer) + (count - left), left);
- if (rc <= 0)
- err = SSL_get_error(m_SSL.get(), rc);
+ if (rc <= 0)
+ err = SSL_get_error(m_SSL.get(), rc);
+ }
 if (rc <= 0) {
 switch (err) {
@@ -221,7 +232,7 @@ void TlsStream::Write(const void *buffer, size_t count)
 */
 void TlsStream::Close(void)
 {
- for (;;) {
+ for (int i = 0; i < 5; i++) {
 int rc, err;
 do {
diff --git a/lib/base/tlsstream.hpp b/lib/base/tlsstream.hpp
index 28362b1f8..1c8174564 100644
--- a/lib/base/tlsstream.hpp
+++ b/lib/base/tlsstream.hpp
@@ -54,6 +54,7 @@ public:
 private:
 shared_ptr m_SSL;
+ mutable boost::mutex m_SSLLock;
 BIO *m_BIO;
 Socket::Ptr m_Socket;
--
2.40.0
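Review bot: In Close the retry loop is now bounded by a bare `5`, and nothing visible in the hunk tells the caller that the attempts ran out before the TLS shutdown completed. A named constant with its reason would help, e.g. `static const int l_MaxCloseAttempts = 5; /* stop retrying so a peer that never completes the shutdown cannot keep Close() looping */`. The exhausted case deserves at least a log line, since a connection dropped without the peer's close_notify looks the same as a truncated one. The hunk also does not show whether the OpenSSL call inside the `do` loop takes m_SSLLock like the other methods now do; the loop body continues outside the hunk.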
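Review bot: The new member `m_SSLLock` in tlsstream.hpp has no comment saying what it guards, and its `mutable` qualifier will puzzle a reader without that context. Suggest `mutable boost::mutex m_SSLLock; /* serializes every OpenSSL call on m_SSL; mutable so the const certificate getters can lock it */`. The header's include list is outside the hunk, so it is worth confirming that the boost mutex header is included here directly and not picked up transitively.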