From: Yann Ylavic <ylavic@apache.org>
Date: Tue, 29 Sep 2015 09:42:56 +0000 (+0000)
Subject: mod_ssl: don't FLUSH output (blocking) on read.
X-Git-Tag: 2.5.0-alpha~2791
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b54dd43b253f2e9beb550cfe4e79fe9909af420;p=thirdparty%2Fapache%2Fhttpd.git

mod_ssl: don't FLUSH output (blocking) on read.
This defeats deferred write (and pipelining), eg. check_pipeline() is not
expecting the pipe to be flushed under it.
So let OpenSSL >= 0.9.8m issue the flush when necessary (earlier versions
are known to not handle all the cases, so we keep flushing with those).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1705823 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index 6631bf1b190..340011865ad 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -466,9 +466,10 @@ static int bio_filter_in_read(BIO *bio, char *in, int inlen)
     }
 
     /* In theory, OpenSSL should flush as necessary, but it is known
-     * not to do so correctly in some cases; see PR 46952.
-     *
-     * Historically, this flush call was performed only for an SSLv2
+     * not to do so correctly in some cases (< 0.9.8m); see PR 46952.
+     */
+#if OPENSSL_VERSION_NUMBER < 0x0009080df
+    /* Historically, this flush call was performed only for an SSLv2
      * connection or for a proxy connection.  Calling _out_flush
      * should be very cheap in cases where it is unnecessary (and no
      * output is buffered) so the performance impact of doing it