httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r1706275 - /httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
Date Thu, 01 Oct 2015 18:22:39 GMT


On 10/01/2015 06:59 PM, Graham Leggett wrote:
> On 01 Oct 2015, at 5:43 PM, ylavic@apache.org wrote:
> 
>> URL: http://svn.apache.org/viewvc?rev=1706275&view=rev
>> Log:
>> mod_ssl: follow up to r1705823.
>> We still need to flush in the middle of a SSL/TLS handshake.
> 
> Can you confirm why the flushing is necessary?
> 
> In theory mod_ssl should be switching the sense of any reads/writes as necessary without any need for flushing.
> 

The issue is that openssl during the connect handshake to a client does not tell httpd to flush.
Hence the CLIENT_HELLO remains in the core output filter buffer and openssl waits for the
SERVER_HELLO from the remote server which of course does not happen without the CLIENT_HELLO
having been sent there.

The whole game of reading and writing during the handshake happens inside openssl while
SSL_connect is running. Apache code only gets back into this via bio_filter_out_write and
bio_filter_in_read.


Regards

Rüdiger
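
The stall described in this message, reproduced as an added example (not code from httpd or from anyone in the thread). It uses Python's `ssl.MemoryBIO`, which wraps OpenSSL memory BIOs, in place of mod_ssl's `bio_filter_out_write` and `bio_filter_in_read`; `BufferedOutput`, `first_record_kind`, `start_handshake` and the hostname `backend.example` are hypothetical names.

```python
import ssl


class BufferedOutput:
    """Stand-in for a buffering output filter: bytes reach the wire only on flush()."""

    def __init__(self):
        self.pending = b""   # accepted from the TLS library, not yet sent
        self.wire = b""      # what the remote server would actually receive

    def write(self, data):
        self.pending += data

    def flush(self):
        self.wire += self.pending
        self.pending = b""


def first_record_kind(data):
    """Classify the first TLS record: type 0x16 = handshake, message 0x01 = ClientHello."""
    if not data:
        return "none"
    if len(data) >= 6 and data[0] == 0x16 and data[5] == 0x01:
        return "ClientHello"
    return "other"


def start_handshake(flush_on_want_read):
    """Begin a client handshake over memory BIOs and hand the output to BufferedOutput."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "backend.example" is a constructed name; no connection is ever made.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="backend.example")
    out = BufferedOutput()
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        # OpenSSL wrote its ClientHello and now wants the reply. It asked for a
        # read, never for a flush, so flushing is the caller's decision.
        out.write(outgoing.read())
        if flush_on_want_read:
            out.flush()
    return out


if __name__ == "__main__":
    for flush in (False, True):
        out = start_handshake(flush)
        print(f"flush={flush}: wire={first_record_kind(out.wire)}, "
              f"buffered={first_record_kind(out.pending)}")
```

With `flush_on_want_read=False` the wire stays empty while the library waits to read, so the handshake cannot progress.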
