From: Justin Erenkrantz
Date: Fri, 12 Oct 2001 06:27:04 +0000 (+0000)
Subject: Well, now I know what the bio_is_renegotiating call was for.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=57f8e317b7808874bb90f8db04fce59e4b76adcc;p=thirdparty%2Fapache%2Fhttpd.git

Well, now I know what the bio_is_renegotiating call was for. Place a big-ass comment there so that whomever comes next isn't stuck at a cryptic call that they don't understand with a dinky comment. Hopefully, this makes sense. Someone more familiar with OpenSSL should verify the comment.

This fix also requires the normalize call to be performed before churn_input so that we don't enter churn_input with a 0-length ctx->b brigade.

All httpd-test tests (except for the module/negotiation test) pass now.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91442 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/ssl_engine_io.c b/ssl_engine_io.c index 203f93bdb49..16c97149ae2 100644 --- a/ssl_engine_io.c +++ b/ssl_engine_io.c @@ -271,6 +271,19 @@ static apr_status_t churn_input(SSLFilterRec *pRec, ap_input_mode_t eMode, /* Flush the output buffers. */ churn_output(pRec); + /* Note: ssl_engine_kernel.c calls ap_get_brigade when it wants to + * renegotiate. Therefore, we must handle this by reading from + * the socket and *NOT* reading into ctx->b from the BIO. This is a + * very special case and needs to be treated as such. + * + * We need to tell all of the higher level filters that we didn't + * return anything. OpenSSL will know that we did anyway and try to + * read directly via our BIO. + */ + if (bio_is_renegotiating(pRec->pbioRead)) { + return APR_SUCCESS; + } + /* Before we actually read any unencrypted data, go ahead and * let ssl_hook_process_connection have a shot at it. */ 
@@ -436,15 +449,15 @@ static apr_status_t ssl_io_filter_Input(ap_filter_t *f, { apr_bucket_brigade *newbb; + /* ### This is bad. */ + APR_BRIGADE_NORMALIZE(ctx->b); + /* churn the state machine */ ret = churn_input(ctx, mode, readbytes); if (ret != APR_SUCCESS) return ret; - /* ### This is bad. */ - APR_BRIGADE_NORMALIZE(ctx->b); - apr_brigade_length(ctx->b, 0, &tempread); if (*readbytes < tempread) {
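
Review bot: In the churn_input hunk, the new early return reports APR_SUCCESS without putting anything in ctx->b, and the comment does not say how the caller is expected to cope with that. ssl_io_filter_Input goes straight on to apr_brigade_length(ctx->b, 0, &tempread) after a successful churn_input, so the empty-brigade case should either be handled there explicitly or be documented here as intended. The comment also says the case is handled "by reading from the socket", while the added code performs no read and only returns; wording such as "return without touching ctx->b and let OpenSSL read through our BIO" would match what the code does. The result of churn_output(pRec) just above is dropped before success is returned, which is worth checking on this path too.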
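
Review bot: In the ssl_io_filter_Input hunk, moving APR_BRIGADE_NORMALIZE(ctx->b) ahead of churn_input means nothing normalizes the brigade after churn_input has run, so any zero-length buckets it leaves behind are still in ctx->b when apr_brigade_length and the code after it execute. If that is acceptable, the comment should say so; otherwise keep a second normalize after the call. The carried-over comment "### This is bad." gives no reason for the call or for its new position; the commit message's explanation (churn_input must not be entered with a 0-length ctx->b brigade) belongs in that comment.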