httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: svn commit: r1706275 - /httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
Date Wed, 07 Oct 2015 09:17:26 GMT
On 07 Oct 2015, at 10:04 AM, Joe Orton <> wrote:

> That's really interesting.  That extra buffering BIO makes sense if 
> OpenSSL is writing to the socket descriptor directly, as with pre-2.x 
> mod_ssl, but doesn't really make sense with 2.x mod_ssl, since the core 
> output filter is doing that work in the "right" place.
> I guess it doesn't impact performance much because it's handshake-time 
> only as you say, but still, it would be interesting to try ripping that 
> out.

As I understand we’re using openssl in non blocking mode, which means that openssl will
ask us permission before attempting any read or write.

The core will then in turn either read or write as requested by openssl based on the “sense”

If openssl has a bug and reads/writes without first asking permission we’ll block, but by
the same token if openssl as asking us permission using SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE
and we’re ignoring openssl, we’ll block for the same reason.

If there is some kind of buffer in between openssl and httpd, that will probably cause strange
behaviour too, agreed that we should take that out.


View raw message