Repository: trafficserver Updated Branches: refs/heads/master 6f66b7a18 -> 0ca8bff4c
TS-3790: action=tunnel attribute will cause crash. Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/0ca8bff4 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/0ca8bff4 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/0ca8bff4 Branch: refs/heads/master Commit: 0ca8bff4c52ac066fbc74f8061338b9a8d1763fc Parents: 6f66b7a Author: shinrich <shinr...@yahoo-inc.com> Authored: Wed Jul 22 12:57:49 2015 -0500 Committer: shinrich <shinr...@yahoo-inc.com> Committed: Wed Jul 22 15:19:39 2015 -0500 ---------------------------------------------------------------------- iocore/net/SSLNetVConnection.cc | 77 ++++++++++---------- .../ssl_cert_loader/ssl-cert-loader.cc | 1 - 2 files changed, 37 insertions(+), 41 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0ca8bff4/iocore/net/SSLNetVConnection.cc ----------------------------------------------------------------------
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index e06f749..ebeda32 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -445,49 +445,46 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread)
 ret = sslStartHandShake(SSL_EVENT_SERVER, err);
 }
 // If we have flipped to blind tunnel, don't read ahead
- if (this->handShakeReader) {
- if (this->attributes != HttpProxyPort::TRANSPORT_BLIND_TUNNEL) {
- // Check and consume data that has been read
- if (BIO_eof(SSL_get_rbio(this->ssl))) {
- this->handShakeReader->consume(this->handShakeBioStored);
- this->handShakeBioStored = 0;
- }
- } else {
- // Now in blind tunnel. Set things up to read what is in the buffer
- // Must send the READ_COMPLETE here before considering
- // forwarding on the handshake buffer, so the
- // SSLNextProtocolTrampoline has a chance to do its
- // thing before forwarding the buffers.
- this->readSignalDone(VC_EVENT_READ_COMPLETE, nh);
-
- // If the handshake isn't set yet, this means the tunnel
- // decision was make in the SNI callback. We must move
- // the client hello message back into the standard read.vio
- // so it will get forwarded onto the origin server
- if (!this->getSSLHandShakeComplete()) {
- this->sslHandShakeComplete = 1;
-
- // Copy over all data already read in during the SSL_accept
- // (the client hello message)
- NetState *s = &this->read;
- MIOBufferAccessor &buf = s->vio.buffer;
- int64_t r = buf.writer()->write(this->handShakeHolder);
- s->vio.nbytes += r;
- s->vio.ndone += r;
-
- // Clean up the handshake buffers
- this->free_handshake_buffers();
-
- if (r > 0) {
- // Kick things again, so the data that was copied into the
- // vio.read buffer gets processed
- this->readSignalDone(VC_EVENT_READ_COMPLETE, nh);
- }
+ if (this->handShakeReader && this->attributes != HttpProxyPort::TRANSPORT_BLIND_TUNNEL) {
+ // Check and consume data that has been read
+ if (BIO_eof(SSL_get_rbio(this->ssl))) {
+ this->handShakeReader->consume(this->handShakeBioStored);
+ this->handShakeBioStored = 0;
+ }
+ } else if (this->attributes == HttpProxyPort::TRANSPORT_BLIND_TUNNEL) {
+ // Now in blind tunnel. Set things up to read what is in the buffer
+ // Must send the READ_COMPLETE here before considering
+ // forwarding on the handshake buffer, so the
+ // SSLNextProtocolTrampoline has a chance to do its
+ // thing before forwarding the buffers.
+ this->readSignalDone(VC_EVENT_READ_COMPLETE, nh);
+
+ // If the handshake isn't set yet, this means the tunnel
+ // decision was make in the SNI callback. We must move
+ // the client hello message back into the standard read.vio
+ // so it will get forwarded onto the origin server
+ if (!this->getSSLHandShakeComplete()) {
+ this->sslHandShakeComplete = 1;
+
+ // Copy over all data already read in during the SSL_accept
+ // (the client hello message)
+ NetState *s = &this->read;
+ MIOBufferAccessor &buf = s->vio.buffer;
+ int64_t r = buf.writer()->write(this->handShakeHolder);
+ s->vio.nbytes += r;
+ s->vio.ndone += r;
+
+ // Clean up the handshake buffers
+ this->free_handshake_buffers();
+
+ if (r > 0) {
+ // Kick things again, so the data that was copied into the
+ // vio.read buffer gets processed
+ this->readSignalDone(VC_EVENT_READ_COMPLETE, nh);
 }
- return;
 }
+ return;
 }
-
 if (ret == EVENT_ERROR) {
 this->read.triggered = 0;
 readSignalError(nh, err);
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0ca8bff4/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc ----------------------------------------------------------------------
diff --git a/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc b/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
index b572e45..790d741 100644
--- a/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
+++ b/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
@@ -521,7 +521,6 @@ TSPluginInit(int argc, const char *argv[]) TSLifecycleHookAdd(TS_LIFECYCLE_PORTS_INITIALIZED_HOOK, cb_lc); TSHttpHookAdd(TS_VCONN_PRE_ACCEPT_HOOK, cb_pa); TSHttpHookAdd(TS_SSL_SNI_HOOK, cb_sni); - TSHttpHookAdd(TS_SSL_SNI_HOOK, cb_sni2); success = true; }
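Review bot: In `SSLNetVConnection::net_read_io`, the new `else if (this->attributes == HttpProxyPort::TRANSPORT_BLIND_TUNNEL)` branch can now run while `handShakeReader` is null, but `buf.writer()->write(this->handShakeHolder)` inside it still uses `handShakeHolder` with no check of its own. The hunk does not show where `handShakeHolder` is allocated or freed; if it shares the lifetime of `handShakeReader`, the copy should be guarded, e.g. `if (this->handShakeHolder) { r = buf.writer()->write(this->handShakeHolder); }` with `r` initialised to 0. In the same block `s->vio.nbytes += r;` and `s->vio.ndone += r;` run before the `r > 0` test, so a negative return from `write()` would still move the counters; applying them only under `r > 0` is safer. The function starts and ends outside the hunk.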