From: Willy Tarreau <w@1wt.eu>
Date: Wed, 25 Oct 2017 13:34:39 +0000 (+0200)
Subject: MINOR: ssl: don't abort after sending 16kB
X-Git-Tag: v1.8-rc1~230
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8de70bcb54200ba217447941eeeb4f14ed2d803e;p=thirdparty%2Fhaproxy.git

MINOR: ssl: don't abort after sending 16kB

SSL records are 16kB max. When trying to send larger data chunks at once,
SSL_read() only processes 16kB and ssl_sock_from_buf() believes it means
the system buffers are full, which is not the case, contrary to raw_sock.
This is particularly noticeable with HTTP/2 when using a 64kB buffer with
multiple streams, as the mux buffer can start to fill up pretty quickly
in this situation, slowing down the data delivery.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 39063ecf15..3afcd52449 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5009,10 +5009,6 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl
 			if (likely(buffer_empty(buf)))
 				/* optimize data alignment in the buffer */
 				buf->p = buf->data;
-
-			/* if the system buffer is full, don't insist */
-			if (ret < try)
-				break;
 		}
 		else {
 			ret = SSL_get_error(conn->xprt_ctx, ret);