On Tue, 13 Sep 2005, Serassio Guido wrote:

> Henrik, you are the "SSL guru". If you have time, could you look at bugs #859, #1269 and #1355? The SSL code in 3.0 is heavily refactored, and for me it is very hard to understand what should be changed (if anything).

None of these are SSL related. All are about the CONNECT tunnel method.

The 3.0 code is quite likely not OK as it is. But looking at the patches above in isolation is not easy either, as later patches back out failures of earlier patches. 1355 fixes an important bug in 1269. 1269 backs out a lot of 859, replacing it with another strategy.

How CONNECT should work:

0. Should close connections as early as possible when either side terminates.

1. But data pending in either direction needs to be sent before the connection is closed.

2. If the client has closed its connection we need to close the server connection as soon as there is no more data to be sent to the server, or immediately if there is no data pending to be sent to the server. And similarly in the other direction.

3. If the client closes the connection before the server connection has been established then we should immediately abort the connection. No need to care for any pending data already sent to us by the client in this case.

Regards
Henrik
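
The four close rules listed in the message above, modelled as a small state machine. This is an added example, not code from the original message or from Squid; the `Tunnel` struct and all of its member names are hypothetical, and byte counters stand in for real socket buffers.

```cpp
#include <cstddef>

// Hypothetical model of one CONNECT tunnel (names are illustrative, not Squid's).
struct Tunnel {
    bool clientOpen = true;        // client <-> proxy connection
    bool serverOpen = true;        // proxy <-> server connection (or connect attempt)
    bool serverConnected = false;  // server connection established yet?
    std::size_t toServer = 0;      // bytes from client still to be written to server
    std::size_t toClient = 0;      // bytes from server still to be written to client

    // Re-apply the close rules after every event.
    void settle() {
        if (!clientOpen && serverOpen) {
            toClient = 0;                           // no one left to receive it
            if (!serverConnected) toServer = 0;     // rule 3: abort, drop client data
            if (toServer == 0) serverOpen = false;  // rule 2, after rule 1's flush
        }
        if (!serverOpen && clientOpen) {            // same rules, other direction
            toServer = 0;
            if (toClient == 0) clientOpen = false;
        }
    }
    void clientData(std::size_t n) { if (clientOpen) toServer += n; settle(); }
    void serverData(std::size_t n) { if (serverConnected && serverOpen) toClient += n; settle(); }
    void connected() { if (serverOpen) serverConnected = true; settle(); }
    void wroteToServer(std::size_t n) { toServer -= (n < toServer ? n : toServer); settle(); }
    void wroteToClient(std::size_t n) { toClient -= (n < toClient ? n : toClient); settle(); }
    void clientClosed() { clientOpen = false; settle(); }
    void serverClosed() { serverOpen = false; settle(); }
    bool done() const { return !clientOpen && !serverOpen; }
};

// Client closes with 100 bytes still queued for the server: the tunnel must
// stay up until they are written, then close at once.
bool clientCloseFlushesFirst() {
    Tunnel t; t.connected(); t.clientData(100); t.clientClosed();
    bool heldOpen = t.serverOpen && !t.done();
    t.wroteToServer(100);
    return heldOpen && t.done();
}

// Client closes before the server connection is established: abort immediately,
// discarding whatever the client had already sent.
bool earlyClientCloseAborts() {
    Tunnel t; t.clientData(100); t.clientClosed();
    return t.done() && t.toServer == 0;
}
```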
