httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject RE: SSL Input Filter bogosity
Date Thu, 31 Oct 2002 06:11:30 GMT
At 09:57 PM 10/30/2002, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
>+1 on the collapsing of ssl_io_hook_read() and ssl_io_input_read(). I think
>it's really good. Some observations about the patch :
>1. I think "apr_bucket *bucket" might be better out of the while() loop
>rather than within the while(). But, with/without that change, it doesn't
>work for me. Rather, using inbio->bucket works.

No.  The underlying problem is that the bucket read is bogus.

Stepping a request, I realized that our API doesn't actually consume
the data (and this was confirmed as by-design.)  So, we need a real
consuming read call here.  The first bucket of our brigade is immortal
(determination that the request wasn't HTTP).  To write this filter
properly, we need to use the right semantics.  My patch doesn't.

>2. I'm slightly confused about the following :
>-        if ((len <= inl) || inbio->mode == AP_MODE_GETLINE) {
>+        if (len >= inl) {

>=> I thought the way it ought to work is if char_buffer_read() returns less
>than what you get, then just return - otherwise, continue. But, it seems to
>be other way. I'm still looking into it.

That line REALLY confused me too.  It looks like we don't try a
fetch here.  But we certainly should, if data is available on the
socket and we haven't fetched it just yet.

All that MODE_GETLINE b.s. is meaningless to SSL.  You have to
grab all the bytes required to decode one full packet.  If we don't
do so, we are just spinning.


View raw message