]> git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
projects / thirdparty / apache / httpd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 922bcdd)
Well, now I know what the bio_is_renegotiating call was for.
authorJustin Erenkrantz <jerenkrantz@apache.org>
Fri, 12 Oct 2001 06:27:04 +0000 (06:27 +0000)
committerJustin Erenkrantz <jerenkrantz@apache.org>
Fri, 12 Oct 2001 06:27:04 +0000 (06:27 +0000)
Place a big-ass comment there so that whomever comes next isn't stuck
at a cryptic call that they don't understand with a dinky comment.
Hopefully, this makes sense.  Someone more familiar with OpenSSL should
verify the comment.

This fix also requires the normalize call to be performed before
churn_input so that we don't enter churn_input with a 0-length ctx->b
brigade.

All httpd-test tests (except for the module/negotiation test) pass now.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91442 13f79535-47bb-0310-9956-ffa450edef68

ssl_engine_io.c patch | blob | blame | history

diff --git a/ssl_engine_io.c b/ssl_engine_io.c
index 203f93bdb49a21e93fc7edb191afcedfc84216ed..16c97149ae28c2faf0fbf415b3a505b1b75ba8d0 100644 (file)
--- a/ssl_engine_io.c
+++ b/ssl_engine_io.c
@@ -271,6 +271,19 @@ static apr_status_t churn_input(SSLFilterRec *pRec, ap_input_mode_t eMode,
     /* Flush the output buffers. */
     churn_output(pRec);
 
+    /* Note: ssl_engine_kernel.c calls ap_get_brigade when it wants to 
+     * renegotiate.  Therefore, we must handle this by reading from
+     * the socket and *NOT* reading into ctx->b from the BIO.  This is a 
+     * very special case and needs to be treated as such.
+     *
+     * We need to tell all of the higher level filters that we didn't
+     * return anything.  OpenSSL will know that we did anyway and try to
+     * read directly via our BIO.
+     */
+    if (bio_is_renegotiating(pRec->pbioRead)) {
+        return APR_SUCCESS;
+    }
+
     /* Before we actually read any unencrypted data, go ahead and
      * let ssl_hook_process_connection have a shot at it. 
      */
@@ -436,15 +449,15 @@ static apr_status_t ssl_io_filter_Input(ap_filter_t *f,
     {
         apr_bucket_brigade *newbb;
 
+        /* ### This is bad. */
+        APR_BRIGADE_NORMALIZE(ctx->b);
+
         /* churn the state machine */
         ret = churn_input(ctx, mode, readbytes);
 
         if (ret != APR_SUCCESS)
                return ret;
 
-        /* ### This is bad. */
-        APR_BRIGADE_NORMALIZE(ctx->b);
-
         apr_brigade_length(ctx->b, 0, &tempread);
 
         if (*readbytes < tempread) {
Mirror of https://github.com/apache/httpd.git