> On June 27, 2014, 2:42 p.m., Matt Jordan wrote:
> >
> hence a 'retry once' poll may not be sufficient regardless to read all of the
> data from the socket.

I am not sure I understand you guys. Just to clarify my intentions: The proposed patch is not about to fix/resolve all issues in TLS reading. Actually, I think the latest changes in tcptls.c do this already. However here, this patch tries to work around one bug in the existing code. Our current code does:

1. ast_wait_for_input (no operation, from my point of view)
2. fgets
3. (optionally) ast_wait_for_input
4. (optionally) fgets

… and so on. Here, the proposed patch changes this to

1. fgets
2. (optionally) ast_wait_for_input
3. (optionally) fgets
4. (optionally) ast_wait_for_input

… and so on.

The released code (as of Asterisk 12.3.2) fails in my corner case (see the appended bug), because the underlying SSL_read returned SSL_ERROR_WANT_READ. Therefore in step 2, fgets returned -1 already, therefore the while loop is exited with the failure code -1.

Yes, theoretically, fgets could return -1 more than once. Therefore a retry-once *might* not be sufficient. However, this is not what this patch is about to fix. I do not face that particular issue (retry-n required), nor do I try to solve that. Until someone offers a patch which introduces a retry-n-times, I would like to see this patch pass.

- Alexander

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/3653/#review12371
-----------------------------------------------------------

On June 20, 2014, 2:06 p.m., Alexander Traud wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/3653/
> -----------------------------------------------------------
>
> (Updated June 20, 2014, 2:06 p.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Bugs: ASTERISK-18345
>     https://issues.asterisk.org/jira/browse/ASTERISK-18345
>
>
> Repository: Asterisk
>
>
> Description
> -------
>
> With some large SDP, a *second* poll is required on the first part of a TLS
> message.
>
> The current code did not poll a second time because the variable need_poll
> was inited with yes (1). That poll was a no-operation because there was a
> socket event already (which mandates fgets without poll). In the current
> code, poll returned immediately, fgets returned NULL, after_poll was yes (1),
> sip_tls_read returned failed (-1), _sip_tcp_helper_thread went to cleanup,
> called ast_tcptls_close_session_file, which closed the TLS connection.
>
> The proposed patch, reads the gets the first message. If that failed, it does
> poll. This fixed all large SDP issues with SIP over TLS which I faced.
>
> I am aware there were changes committed to tcptls.c just recently (revision
> 415907). Anyway, let us fix this bug as well.
>
>
> Diffs
> -----
>
>   trunk/channels/chan_sip.c 416319
>
> Diff: https://reviewboard.asterisk.org/r/3653/diff/
>
>
> Testing
> -------
>
> Asterisk 12.3
>
>
> Thanks,
>
> Alexander Traud
>
>
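The two call orders discussed in this thread, modelled as an added example (not code from the Asterisk tree or from the patch under review). `mock_poll` and `mock_fgets` are hypothetical stand-ins for `ast_wait_for_input` and `fgets`, and the stream behaviour is constructed from the description above; the model also shows the retry-once limit raised in the review.

```c
#include <stdio.h>
#include <string.h>

/* Constructed TLS stream model: each pending WANT_READ fails one read,
 * and the following read can only succeed after a poll. */
struct mock_tls { int want_reads; int waiting; int polls; };

/* Plays the role of ast_wait_for_input; always reports "readable". */
int mock_poll(struct mock_tls *s) { s->polls++; s->waiting = 0; return 1; }

/* Plays the role of fgets on the TLS stream; NULL means no line yet. */
char *mock_fgets(char *buf, int len, struct mock_tls *s) {
    if (s->waiting) return NULL;
    if (s->want_reads > 0) { s->want_reads--; s->waiting = 1; return NULL; }
    snprintf(buf, (size_t)len, "INVITE sip:constructed@example.invalid SIP/2.0\r\n");
    return buf;
}

/* Order described for the released code: poll first, then read. */
int read_poll_first(struct mock_tls *s, char *buf, int len) {
    int need_poll = 1;                        /* "inited with yes (1)" */
    if (need_poll && mock_poll(s) <= 0) return -1;
    /* after_poll is already set here, so a NULL read is treated as fatal */
    if (!mock_fgets(buf, len, s)) return -1;
    return (int)strlen(buf);
}

/* Order proposed in the review: read first, poll only after a failed read. */
int read_first(struct mock_tls *s, char *buf, int len) {
    int after_poll = 0;
    for (;;) {
        if (mock_fgets(buf, len, s)) return (int)strlen(buf);
        if (after_poll) return -1;            /* retry once, not n times */
        if (mock_poll(s) <= 0) return -1;
        after_poll = 1;
    }
}

int main(void) {
    char buf[128];
    struct mock_tls a = {1, 0, 0}, b = {1, 0, 0};
    printf("poll first: %d\n", read_poll_first(&a, buf, 128));
    printf("read first: %d\n", read_first(&b, buf, 128));
    return 0;
}
```

With one pending WANT_READ the poll-first order returns -1 and the read-first order returns the line; with two pending, the read-first order also returns -1.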
