httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <>
Subject Re: svn commit: r1706275 - /httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
Date Tue, 06 Oct 2015 16:00:28 GMT
On Tue, Oct 6, 2015 at 5:44 PM, Joe Orton <> wrote:
> Hence In the server case, it seems reasonable to rely on BIO_flush()
> being called at the "right" times during the handshake.  Modulo the odd
> bug!
> But ssl/s3_clnt.c is not following that coding style at all, and it only
> does a flush after completing the handshake.  So I'd say the right thing
> here is to FLUSH after every packet which comes through the write BIO
> when the SSL state machine is in the middle of a "connect", i.e.
> handshake as client.
> tl;dr: I think Yann's patch should be right if the test is switched from
> "always flush if !SSL_is_init_finished(ssl)" to "always flush if
> SSL_in_connect_init(ssl)"???

Yes, I came to the same conclusion, but decided to use
SSL_is_init_finished(ssl) anyway because for the server case it seems
that openssl uses it own buffering mechanism to avoid writing small
chunks (after the client-hello is received), so possibly we could rely
on it (this also simplifies the logic).

View raw message