httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <>
Subject Re: svn commit: r1706275 - /httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
Date Thu, 01 Oct 2015 18:22:39 GMT

On 10/01/2015 06:59 PM, Graham Leggett wrote:
> On 01 Oct 2015, at 5:43 PM, wrote:
>> URL:
>> Log:
>> mod_ssl: follow up to r1705823.
>> We still need to flush in the middle of a SSL/TLS handshake.
> Can you confirm why the flushing is necessary?
> In theory mod_ssl should be switching the sense of any reads/writes as necessary without
any need for flushing.

The issue is that openssl during the connect handshake to a clieent does not tell httpd to
flush. Hence the CLIENT_HELLO
remains in the core output filter buffer and openssl waits for the SERVER_HELLO from the remote
server which of course
does not happen without the CLIENT_HELLO having been sent there.

The whole game of reading and writing during the handshake happens inside openssl while SSL_connect
is running.
Apache code only gets back into this via bio_filter_out_write and bio_filter_in_read.



View raw message