Repository: trafficserver
Updated Branches:
  refs/heads/master 338392cec -> c8bd8b125

Add documentation

Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/8785687d
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/8785687d
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/8785687d

Branch: refs/heads/master
Commit: 8785687d9c0179ac675f2dd76b6804a7e964fae6
Parents: c5dfc23
Author: shinrich <[email protected]>
Authored: Tue Sep 23 15:06:41 2014 -0500
Committer: shinrich <[email protected]>
Committed: Tue Sep 23 15:07:39 2014 -0500

----------------------------------------------------------------------
 doc/reference/api/TSVConnReenable.en.rst | 5 +++++
 1 file changed, 5 insertions(+)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/8785687d/doc/reference/api/TSVConnReenable.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/api/TSVConnReenable.en.rst b/doc/reference/api/TSVConnReenable.en.rst index c8efb3a..92dfb80 100644 --- a/doc/reference/api/TSVConnReenable.en.rst +++ b/doc/reference/api/TSVConnReenable.en.rst
@@ -30,5 +30,10 @@ Description Reenable the SSL connection :arg:`svc`. If a plugin hook is called, ATS processing on that connnection will not resume until this is invoked for that connection. +If the server running Traffic Server has the appropriate openSSL patch installed, the SNI callback can return ``SSL_TLSEXT_ERR_READ_AGAIN`` to stop the SSL handshake processing. This results in ``SSL_accept`` returning ``SSL_ERROR_WANT_SNI_RESOLVE`` before completing the SSL handshake (only the client hello message will have been received). Additional processing could reenable the virtual connection causing the ``SSL_accept`` to be called again to complete the handshake exchange. In the case of a blind tunnel conversion, the SSL handshake will never be completed by Traffic Server. + +The plugin callbacks can halt the SSL handshake processing by not reenabling the connection (i.e., by not calling :c:func:`TSSslVConnReenable`). If a plugin SNI callback does not reenable the connection, the global callback will return ``SSL_TLSEXT_ERR_READ_AGAIN``. + +Without the openSSL patch, the handshake processing in ``SSL_accept`` will not be stopped even if the SNI callback does not reenable the connection.
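Review bot: The last added paragraph ("Without the openSSL patch, the handshake processing in ``SSL_accept`` will not be stopped even if the SNI callback does not reenable the connection") documents a fail-open case and should be more prominent than a trailing sentence. A plugin that withholds the reenable call in order to hold or refuse a handshake gets no effect on an unpatched build, and nothing in the text says how a plugin author or operator can tell which build they are running. Suggest moving it into a ``.. note::`` or ``.. warning::`` directive placed directly after the paragraph that says callbacks "can halt the SSL handshake processing", and stating how the presence of the patch can be checked. Related points in the same hunk: "the appropriate openSSL patch" is never identified, so name it or link to it (and spell it "OpenSSL"); the file being patched is TSVConnReenable.en.rst while the new text cross-references :c:func:`TSSslVConnReenable`, so confirm the reference matches the function this page documents or the link will not resolve; and "Additional processing could reenable the virtual connection" would be clearer if it said who does the reenabling (the plugin, by calling the reenable function on that connection).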
