httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: svn commit: r1706275 - /httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
Date Sat, 03 Oct 2015 19:10:25 GMT
On 01 Oct 2015, at 8:22 PM, Ruediger Pluem <> wrote:

> The issue is that openssl during the connect handshake to a clieent does not tell httpd
to flush. Hence the CLIENT_HELLO
> remains in the core output filter buffer and openssl waits for the SERVER_HELLO from
the remote server which of course
> does not happen without the CLIENT_HELLO having been sent there.
> The whole game of reading and writing during the handshake happens inside openssl while
SSL_connect is running.
> Apache code only gets back into this via bio_filter_out_write and bio_filter_in_read.

While working on the async write completion patch I was having all sorts of headaches with
incomplete requests, and eventually reached the point where I removed THRESHOLD_MIN_WRITE
completely and suddenly sanity returned across the board.

In the async code there is no way to assume you can not-write when you’ve been asked to
write, because there is no way to tell whether more data is coming after this data. If you
skip the write in the hope that more data comes but no data does come, you hang.

I get that THRESHOLD_MIN_WRITE was trying to prevent the sending of small packets, but really
that should be solved by the filters themselves.


View raw message