TS-3283: Certain SSL handshake error during client-hello hangs the client and leaves network connection open
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/cadb017e Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/cadb017e Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/cadb017e Branch: refs/heads/4.2.x Commit: cadb017ecee0c53ab1cf9d5b0ab5f7ead9204156 Parents: dbbbbab Author: Joe Chung <[email protected]> Authored: Wed Jan 21 15:08:59 2015 -0700 Committer: Phil Sorber <[email protected]> Committed: Wed Jan 21 15:08:59 2015 -0700 ---------------------------------------------------------------------- CHANGES | 3 +++ iocore/net/SSLNextProtocolAccept.cc | 13 ++++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cadb017e/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index a653697..73c0c9d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 4.2.3 + *) [TS-3283] Certain SSL handshake error during client-hello hangs the client and + leaves network connection open. + *) [TS-3304] Add NULL check to ink_inet_addr() input. *) [TS-898] Remove pointless NULL check on address of array. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cadb017e/iocore/net/SSLNextProtocolAccept.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLNextProtocolAccept.cc b/iocore/net/SSLNextProtocolAccept.cc index bfc2f0b..a5612c6 100644 --- a/iocore/net/SSLNextProtocolAccept.cc +++ b/iocore/net/SSLNextProtocolAccept.cc @@ -78,19 +78,22 @@ struct SSLNextProtocolTrampoline : public Continuation Continuation * plugin; SSLNetVConnection * netvc; + vio = static_cast<VIO *>(edata); + netvc = dynamic_cast<SSLNetVConnection *>(vio->vc_server); + ink_assert(netvc != NULL); + switch (event) { case VC_EVENT_INACTIVITY_TIMEOUT: - case VC_EVENT_READ_COMPLETE: case VC_EVENT_ERROR: - vio = static_cast<VIO *>(edata); + netvc->do_io(VIO::CLOSE); + delete this; + return EVENT_CONT; + case VC_EVENT_READ_COMPLETE: break; default: return EVENT_ERROR; } - netvc = dynamic_cast<SSLNetVConnection *>(vio->vc_server); - ink_assert(netvc != NULL); - plugin = netvc->endpoint(); if (plugin) { send_plugin_event(plugin, NET_EVENT_ACCEPT, netvc);
