Posted to issues@trafficserver.apache.org by "Susan Hinrichs (JIRA)" <ji...@apache.org> on 2015/03/18 21:20:38 UTC

[jira] [Resolved] (TS-3372) Need to find another solution to SSL_set_rbio

     [ https://issues.apache.org/jira/browse/TS-3372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Susan Hinrichs resolved TS-3372.
--------------------------------
    Resolution: Fixed

> Need to find another solution to SSL_set_rbio
> ---------------------------------------------
>
>                 Key: TS-3372
>                 URL: https://issues.apache.org/jira/browse/TS-3372
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Susan Hinrichs
>            Assignee: Susan Hinrichs
>             Fix For: 6.0.0
>
>
> We currently use read-only membuf BIOs to feed the handshake buffers into the SSL_accept.  We added this to enable an SSL connection to transition into a blind tunneled connection.  We would have the first packet in an io buffer ready to send on to the origin server if the plugin decided to blind tunnel.
> To make this work, we would have to reset the read bio on each packet, since we are passing in read-only pointers to our io buffer structures.
> OpenSSL provides a SSL_set_bio() call that lets you reset the read and write bios for the SSL.  And you could use SSL_get_wbio() to feed back in the same write bio.  But in the code, if buffered output is enabled (which it is in our case), the write bio state is changed even if the write bio we pass in is identical to the write bio that is already present.
> To make things work, I added a SSL_set_rbio that only frees and sets the rbio.  This works fine for us.  But with the next major version (1.1) we will not be able to read into the ssl data structure and adjust the rbio field directly.
> Either we need to find the official approved solution to this problem or get them to add one.
> We have also discussed bypassing the OpenSSL buffering and using ATS buffering based on io buffers.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)