RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-07 22:12:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: ssl: Fix some reneg cases not correctly handled.

Browse Source 
SSL may decide to switch to a handshake in the middle of a transfer due to
a reneg. In this case we don't want to re-enable polling because data might
have been left pending in the buffer. We just want to switch immediately to
the handshake mode.
This commit is contained in:
Emeric Brun 2012-11-08 18:02:56 +01:00 committed by Willy Tarreau
parent 8af8dd1a9a
commit 282a76acc1
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/ssl_sock.c
View File

@ -984,6 +984,12 @@ static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int coun
break; break;
} }
else if (ret == SSL_ERROR_WANT_READ) { else if (ret == SSL_ERROR_WANT_READ) {
if (SSL_renegotiate_pending(conn->xprt_ctx)) {
/* handshake is running, and it may need to re-enable read */
conn->flags |= CO_FL_SSL_WAIT_HS;
__conn_sock_want_recv(conn);
break;
}
/* we need to poll for retry a read later */ /* we need to poll for retry a read later */
__conn_data_poll_recv(conn); __conn_data_poll_recv(conn);
break; break;
@ -1056,6 +1062,12 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl
else { else {
ret = SSL_get_error(conn->xprt_ctx, ret); ret = SSL_get_error(conn->xprt_ctx, ret);
if (ret == SSL_ERROR_WANT_WRITE) { if (ret == SSL_ERROR_WANT_WRITE) {
if (SSL_renegotiate_pending(conn->xprt_ctx)) {
/* handshake is running, and it may need to re-enable write */
conn->flags |= CO_FL_SSL_WAIT_HS;
__conn_sock_want_send(conn);
break;
}
/* we need to poll to retry a write later */ /* we need to poll to retry a write later */
__conn_data_poll_send(conn); __conn_data_poll_send(conn);
break; break;