Posted to commits@trafficserver.apache.org by sh...@apache.org on 2015/07/22 22:21:10 UTC
trafficserver git commit: TS-3790: action=tunnel attribute will cause
crash.
Repository: trafficserver
Updated Branches:
refs/heads/master 6f66b7a18 -> 0ca8bff4c
TS-3790: action=tunnel attribute will cause crash.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/0ca8bff4
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/0ca8bff4
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/0ca8bff4
Branch: refs/heads/master
Commit: 0ca8bff4c52ac066fbc74f8061338b9a8d1763fc
Parents: 6f66b7a
Author: shinrich <sh...@yahoo-inc.com>
Authored: Wed Jul 22 12:57:49 2015 -0500
Committer: shinrich <sh...@yahoo-inc.com>
Committed: Wed Jul 22 15:19:39 2015 -0500
----------------------------------------------------------------------
iocore/net/SSLNetVConnection.cc | 77 ++++++++++----------
.../ssl_cert_loader/ssl-cert-loader.cc | 1 -
2 files changed, 37 insertions(+), 41 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0ca8bff4/iocore/net/SSLNetVConnection.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index e06f749..ebeda32 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -445,49 +445,46 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread)
ret = sslStartHandShake(SSL_EVENT_SERVER, err);
}
// If we have flipped to blind tunnel, don't read ahead
- if (this->handShakeReader) {
- if (this->attributes != HttpProxyPort::TRANSPORT_BLIND_TUNNEL) {
- // Check and consume data that has been read
- if (BIO_eof(SSL_get_rbio(this->ssl))) {
- this->handShakeReader->consume(this->handShakeBioStored);
- this->handShakeBioStored = 0;
- }
- } else {
- // Now in blind tunnel. Set things up to read what is in the buffer
- // Must send the READ_COMPLETE here before considering
- // forwarding on the handshake buffer, so the
- // SSLNextProtocolTrampoline has a chance to do its
- // thing before forwarding the buffers.
- this->readSignalDone(VC_EVENT_READ_COMPLETE, nh);
-
- // If the handshake isn't set yet, this means the tunnel
- // decision was make in the SNI callback. We must move
- // the client hello message back into the standard read.vio
- // so it will get forwarded onto the origin server
- if (!this->getSSLHandShakeComplete()) {
- this->sslHandShakeComplete = 1;
-
- // Copy over all data already read in during the SSL_accept
- // (the client hello message)
- NetState *s = &this->read;
- MIOBufferAccessor &buf = s->vio.buffer;
- int64_t r = buf.writer()->write(this->handShakeHolder);
- s->vio.nbytes += r;
- s->vio.ndone += r;
-
- // Clean up the handshake buffers
- this->free_handshake_buffers();
-
- if (r > 0) {
- // Kick things again, so the data that was copied into the
- // vio.read buffer gets processed
- this->readSignalDone(VC_EVENT_READ_COMPLETE, nh);
- }
+ if (this->handShakeReader && this->attributes != HttpProxyPort::TRANSPORT_BLIND_TUNNEL) {
+ // Check and consume data that has been read
+ if (BIO_eof(SSL_get_rbio(this->ssl))) {
+ this->handShakeReader->consume(this->handShakeBioStored);
+ this->handShakeBioStored = 0;
+ }
+ } else if (this->attributes == HttpProxyPort::TRANSPORT_BLIND_TUNNEL) {
+ // Now in blind tunnel. Set things up to read what is in the buffer
+ // Must send the READ_COMPLETE here before considering
+ // forwarding on the handshake buffer, so the
+ // SSLNextProtocolTrampoline has a chance to do its
+ // thing before forwarding the buffers.
+ this->readSignalDone(VC_EVENT_READ_COMPLETE, nh);
+
+ // If the handshake isn't set yet, this means the tunnel
+ // decision was make in the SNI callback. We must move
+ // the client hello message back into the standard read.vio
+ // so it will get forwarded onto the origin server
+ if (!this->getSSLHandShakeComplete()) {
+ this->sslHandShakeComplete = 1;
+
+ // Copy over all data already read in during the SSL_accept
+ // (the client hello message)
+ NetState *s = &this->read;
+ MIOBufferAccessor &buf = s->vio.buffer;
+ int64_t r = buf.writer()->write(this->handShakeHolder);
+ s->vio.nbytes += r;
+ s->vio.ndone += r;
+
+ // Clean up the handshake buffers
+ this->free_handshake_buffers();
+
+ if (r > 0) {
+ // Kick things again, so the data that was copied into the
+ // vio.read buffer gets processed
+ this->readSignalDone(VC_EVENT_READ_COMPLETE, nh);
}
- return;
}
+ return;
}
-
if (ret == EVENT_ERROR) {
this->read.triggered = 0;
readSignalError(nh, err);
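Review bot: The rewritten `} else if (this->attributes == HttpProxyPort::TRANSPORT_BLIND_TUNNEL) {` branch no longer requires `handShakeReader` to be non-null, yet it still calls `buf.writer()->write(this->handShakeHolder)` whenever `getSSLHandShakeComplete()` is false. If `handShakeHolder` is allocated and released together with `handShakeReader` (not visible in this hunk, though `free_handshake_buffers()` suggests it), a connection that reaches the tunnel path without handshake buffers would hand a null reader to `write()`, on a path driven by client-supplied bytes. Consider guarding only the copy and leaving the state change as is, for example `int64_t r = this->handShakeHolder ? buf.writer()->write(this->handShakeHolder) : 0;`, and add a comment stating which callers can arrive here without handshake buffers. The body of `net_read_io` starts and ends outside the hunk, so the buffer lifetime should be confirmed against the rest of the function.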
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0ca8bff4/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
----------------------------------------------------------------------
diff --git a/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc b/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
index b572e45..790d741 100644
--- a/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
+++ b/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
@@ -521,7 +521,6 @@ TSPluginInit(int argc, const char *argv[])
TSLifecycleHookAdd(TS_LIFECYCLE_PORTS_INITIALIZED_HOOK, cb_lc);
TSHttpHookAdd(TS_VCONN_PRE_ACCEPT_HOOK, cb_pa);
TSHttpHookAdd(TS_SSL_SNI_HOOK, cb_sni);
- TSHttpHookAdd(TS_SSL_SNI_HOOK, cb_sni2);
success = true;
}