httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jerenkra...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c
Date Fri, 12 Oct 2001 06:27:05 GMT
jerenkrantz    01/10/11 23:27:04

  Modified:    modules/ssl ssl_engine_io.c
  Log:
  Well, now I know what the bio_is_renegotiating call was for.
  
  Place a big-ass comment there so that whomever comes next isn't stuck
  at a cryptic call that they don't understand with a dinky comment.
  Hopefully, this makes sense.  Someone more familiar with OpenSSL should
  verify the comment.
  
  This fix also requires the normalize call to be performed before
  churn_input so that we don't enter churn_input with a 0-length ctx->b
  brigade.
  
  All httpd-test tests (except for the module/negotiation test) pass now.
  
  Revision  Changes    Path
  1.41      +16 -3     httpd-2.0/modules/ssl/ssl_engine_io.c
  
  Index: ssl_engine_io.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
  retrieving revision 1.40
  retrieving revision 1.41
  diff -u -r1.40 -r1.41
  --- ssl_engine_io.c	2001/10/12 04:59:19	1.40
  +++ ssl_engine_io.c	2001/10/12 06:27:04	1.41
  @@ -271,6 +271,19 @@
       /* Flush the output buffers. */
       churn_output(pRec);
   
  +    /* Note: ssl_engine_kernel.c calls ap_get_brigade when it wants to 
  +     * renegotiate.  Therefore, we must handle this by reading from
  +     * the socket and *NOT* reading into ctx->b from the BIO.  This is a 
  +     * very special case and needs to be treated as such.
  +     *
  +     * We need to tell all of the higher level filters that we didn't
  +     * return anything.  OpenSSL will know that we did anyway and try to
  +     * read directly via our BIO.
  +     */
  +    if (bio_is_renegotiating(pRec->pbioRead)) {
  +        return APR_SUCCESS;
  +    }
  +
       /* Before we actually read any unencrypted data, go ahead and
        * let ssl_hook_process_connection have a shot at it. 
        */
  @@ -436,14 +449,14 @@
       {
           apr_bucket_brigade *newbb;
   
  +        /* ### This is bad. */
  +        APR_BRIGADE_NORMALIZE(ctx->b);
  +
           /* churn the state machine */
           ret = churn_input(ctx, mode, readbytes);
   
           if (ret != APR_SUCCESS)
   	        return ret;
  -
  -        /* ### This is bad. */
  -        APR_BRIGADE_NORMALIZE(ctx->b);
   
           apr_brigade_length(ctx->b, 0, &tempread);
   
  
  
  

Mime
View raw message