
Mailing List Archive: Apache: CVS
svn commit: r788715 - /httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
 



jorton at apache

Jun 26, 2009, 7:22 AM



Author: jorton
Date: Fri Jun 26 14:22:20 2009
New Revision: 788715

URL: http://svn.apache.org/viewvc?rev=788715&view=rev
Log:
Fix hung SSL handshake if a particularly long CA list is configured:

* modules/ssl/ssl_engine_io.c (bio_filter_in_read): Flush pending
output unconditionally since OpenSSL is known to not flush correctly
at all times, and it should be cheap even in cases where it is
unnecessary.

PR: 46952

Modified:
httpd/httpd/trunk/modules/ssl/ssl_engine_io.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_io.c?rev=788715&r1=788714&r2=788715&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_io.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_io.c Fri Jun 26 14:22:20 2009
@@ -469,7 +469,6 @@
apr_size_t inl = inlen;
bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *)(bio->ptr);
apr_read_type_e block = inctx->block;
- SSLConnRec *sslconn = myConnConfig(inctx->f->c);

inctx->rc = APR_SUCCESS;

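Review bot: Dropping the `SSLConnRec *sslconn` local is only safe if nothing else in bio_filter_in_read still reads it. The one use visible in this diff, the `sslconn->is_proxy` test, is removed in the following hunk, but the rest of the function body is not shown here, so it is worth confirming that no later reference remains (a clean compile of ssl_engine_io.c would settle it).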
@@ -477,17 +476,19 @@
if (!in)
return 0;

- /* XXX: flush here only required for SSLv2;
- * OpenSSL calls BIO_flush() at the appropriate times for
- * the other protocols.
+ /* In theory, OpenSSL should flush as necessary, but it is known
+ * not to do so correctly in some cases; see PR 46952.
+ *
+ * Historically, this flush call was performed only for an SSLv2
+ * connection or for a proxy connection. Calling _out_flush
+ * should be very cheap in cases where it is unnecessary (and no
+ * output is buffered) so the performance impact of doing it
+ * unconditionally should be minimal.
*/
- if ((SSL_version(inctx->ssl) == SSL2_VERSION) || sslconn->is_proxy) {
- if (bio_filter_out_flush(inctx->bio_out) < 0) {
- bio_filter_out_ctx_t *outctx =
- (bio_filter_out_ctx_t *)(inctx->bio_out->ptr);
- inctx->rc = outctx->rc;
- return -1;
- }
+ if (bio_filter_out_flush(inctx->bio_out) < 0) {
+ bio_filter_out_ctx_t *outctx = inctx->bio_out->ptr;
+ inctx->rc = outctx->rc;
+ return -1;
}

BIO_clear_retry_flags(bio);
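Review bot: The new comment points at "PR 46952" without naming the failure it guards against. The log message does (a hung SSL handshake when a particularly long CA list is configured), and one clause to that effect in the comment would save the next reader a trip to the bug tracker before deciding whether the unconditional flush can be narrowed again. Two smaller points on the added lines: the flush error path (`inctx->rc = outctx->rc; return -1;`) now applies to every connection rather than only SSLv2 and proxy connections, so a failed write of buffered output will surface as a read failure for all protocols, which seems intended but could be stated in the comment; and `outctx = inctx->bio_out->ptr` drops the explicit cast that the removed lines had and that the `inctx` initialisation at the top of the function still uses, so pick one style for consistency.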
