httpd-dev mailing list archives

From Jeff Trawick <traw...@attglobal.net>
Subject Re: [PATCH] SSL: stop trying to talk to client after a negotiation failure?
Date Thu, 17 Jul 2003 10:44:48 GMT
Joe Orton wrote:

> * ssl_engine_io.c (ssl_filter_write, ssl_io_filter_output): Don't
> dereference the BIOs in filter_ctx when filter_ctx->pssl is NULL.
> 
> Index: ssl_engine_io.c
> ===================================================================


+1 for your patch...  it is a cleaner patch than what the PR reporter 
provided in http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21370

With sufficient caffeine, I see that the patch I posted to set 
c->aborted in a couple of places is different than the one the PR 
reporter had posted (I said it was his because I thought they were the 
same and I couldn't recall whether I came up with the idea before/after 
I saw his patch :) )

So my patch posted earlier in this thread is a second patch to commit...

There is still part of the PR reporter's patch that is unaccounted for:

Diff:
diff -c -r1.2 -r1.3
*** ssl_engine_io.c     2003/04/16 14:14:39     1.2
--- ssl_engine_io.c     2003/07/03 11:36:24     1.3
***************
*** 1112,1117 ****
--- 1122,1129 ----
               inctx->rc = APR_EGENERAL;
           }

+               /* 2.7.2003/hk,mv: handshake failed, close the connection */
+               c->aborted=1;
           return ssl_filter_io_shutdown(filter_ctx, c, 1);
       }
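
Review bot: The two added lines ahead of `return ssl_filter_io_shutdown(filter_ctx, c, 1);` are indented deeper than the statement they precede, and the comment carries a date and initials tag that belongs in the commit log rather than in the source. Indent both lines to match the `return`, write the assignment as `c->aborted = 1;`, and keep only the "handshake failed, close the connection" part of the comment. The same assignment appears again before the same call in the next hunk, so setting the flag once inside ssl_filter_io_shutdown() would cover both paths without touching either caller.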

***************
*** 1153,1158 ****
--- 1165,1172 ----
                            error ? error : "unknown");
               ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);

+                       /* 2.7.2003/hk,mv: no client cert, close the 
connection
*/
+                       c->aborted=1;
               return ssl_filter_io_shutdown(filter_ctx, c, 1);
           }
       }
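
Review bot: The added comment has been line-wrapped, leaving `connection` and `*/` on lines of their own with no `+` prefix, so this hunk will not apply as posted; keep the comment short enough to fit on one line or send the patch as an attachment. `c->aborted=1;` again sits directly before `return ssl_filter_io_shutdown(filter_ctx, c, 1);`, exactly as in the first hunk, which argues for making the assignment inside ssl_filter_io_shutdown() instead of repeating it at each call site. The indentation and the missing spaces around `=` need the same cleanup as in the first hunk.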

I didn't need this change in my testing, but it looks to me that it is 
proper for c->aborted to be set on this path, and that 
ssl_filter_io_shutdown() should do the setting instead of putting it 
here since any time ssl_filter_io_shutdown() is called it is appropriate 
for c->aborted to be set.

I will be off the net for 10 days starting this afternoon and have some 
crucial stuff to do in the meantime (find passport, pack, etc.).  If I 
haven't committed this stuff yet, go for it.  If I have, my apologies to 
everyone if something breaks :)


