This is an automated email from the ASF dual-hosted git repository.
shinrich pushed a commit to branch master
in repository https://git-dual.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 19cc051 TS-4075: add a state check for sslHandshakeHookState
after PreAcceptHookState checking. This closes #374.
19cc051 is described below
commit 19cc051bb9e803855d2fb424ccf8a4b9546dc49d
Author: Oknet <[email protected]>
AuthorDate: Mon Dec 14 20:00:45 2015 +0800
TS-4075: add a state check for sslHandshakeHookState after
PreAcceptHookState checking. This closes #374.
---
iocore/net/SSLNetVConnection.cc | 52 ++++++++++++++++++++++-------------------
1 file changed, 28 insertions(+), 24 deletions(-)
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 7f299c2..3f688bf 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -1042,6 +1042,11 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err)
}
}
+ // handle SNI Hooks after PreAccept Hooks
+ if (HANDSHAKE_HOOKS_DONE != sslHandshakeHookState && HANDSHAKE_HOOKS_PRE !=
sslHandshakeHookState) {
+ return SSL_WAIT_FOR_HOOK;
+ }
+
// If a blind tunnel was requested in the pre-accept calls, convert.
// Again no data has been exchanged, so we can go directly
// without data replay.
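Review bot: The comment on the added guard, `// handle SNI Hooks after PreAccept Hooks`, does not say what the condition means or why the function returns early. The test is true for every handshake-hook state other than PRE and DONE, which by the enum names used elsewhere in this commit means CERT or INVOKE, i.e. a cert/SNI plugin hook has been started and has not finished. I would word it as `// A cert/SNI hook is still in progress (state is neither PRE nor DONE): return SSL_WAIT_FOR_HOOK so the blind-tunnel conversion and the handshake below do not run before the plugin reenables.` The rest of sslServerHandShakeEvent lies outside the hunk, so what runs after the tunnel conversion is inferred.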
@@ -1387,10 +1392,9 @@ SSLNetVConnection::select_next_protocol(SSL *ssl, const
unsigned char **out, uns
void
SSLNetVConnection::reenable(NetHandler *nh)
{
- if (this->sslPreAcceptHookState != SSL_HOOKS_DONE) {
- this->sslPreAcceptHookState = SSL_HOOKS_INVOKE;
- this->readReschedule(nh);
- } else {
+ if (sslPreAcceptHookState != SSL_HOOKS_DONE) {
+ sslPreAcceptHookState = SSL_HOOKS_INVOKE;
+ } else if (sslHandshakeHookState == HANDSHAKE_HOOKS_INVOKE) {
// Reenabling from the handshake callback
//
// Originally, we would wait for the callback to go again to execute
additinonal
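Review bot: The new `else if (sslHandshakeHookState == HANDSHAKE_HOOKS_INVOKE)` leaves no branch for a reenable that arrives when the pre-accept hooks are done and the handshake state is PRE, CERT or DONE. Such a call now falls straight through to `this->readReschedule(nh)` at the end of the function (next hunk) and leaves no trace. A plugin that reenables twice or at the wrong time would be hard to diagnose, so a final `else { Debug("ssl", "reenable with no hook pending, sslHandshakeHookState=%d", sslHandshakeHookState); }` would record it, using the same tag as the Debug call this commit adds in callHooks. The body of reenable continues in the following hunk, with a few lines between the two not shown.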
@@ -1400,16 +1404,17 @@ SSLNetVConnection::reenable(NetHandler *nh)
// here in the reenable.
if (curHook != NULL) {
curHook = curHook->next();
- if (curHook != NULL) {
- // Invoke the hook
- curHook->invoke(TS_SSL_CERT_HOOK, this);
- }
}
- if (curHook == NULL) {
+ if (curHook != NULL) {
+ // Invoke the hook and return, wait for next reenable
+ curHook->invoke(TS_SSL_CERT_HOOK, this);
+ return;
+ } else { // curHook == NULL
+ // empty, set state to HOOKS_DONE
this->sslHandshakeHookState = HANDSHAKE_HOOKS_DONE;
- this->readReschedule(nh);
}
}
+ this->readReschedule(nh);
}
bool
@@ -1433,34 +1438,33 @@ SSLNetVConnection::callHooks(TSHttpHookID eventId)
// Only dealing with the SNI/CERT hook so far.
// TS_SSL_SNI_HOOK and TS_SSL_CERT_HOOK are the same value
ink_assert(eventId == TS_SSL_CERT_HOOK);
+ Debug("ssl", "callHooks sslHandshakeHookState=%d",
this->sslHandshakeHookState);
- // First time through, set the type of the hook that is currently
- // being invoked
- if (this->sslHandshakeHookState == HANDSHAKE_HOOKS_PRE) {
+ // First time through, set the type of the hook that is currently being
invoked
+ if (HANDSHAKE_HOOKS_PRE == sslHandshakeHookState) {
+ // the previous hook should be DONE and set curHook to NULL before trigger
the sni hook.
+ ink_assert(curHook == NULL);
+ // set to HOOKS_CERT means CERT/SNI hooks has called by SSL_accept()
this->sslHandshakeHookState = HANDSHAKE_HOOKS_CERT;
- }
-
- if (this->sslHandshakeHookState == HANDSHAKE_HOOKS_CERT && eventId ==
TS_SSL_CERT_HOOK) {
- if (curHook != NULL) {
- curHook = curHook->next();
- } else {
- curHook = ssl_hooks->get(TS_SSL_CERT_INTERNAL_HOOK);
- }
+ // get Hooks
+ curHook = ssl_hooks->get(TS_SSL_CERT_INTERNAL_HOOK);
} else {
- // Not in the right state, or no plugins registered for this hook
+ // Not in the right state
// reenable and continue
return true;
}
bool reenabled = true;
- SSLHandshakeHookState holdState = this->sslHandshakeHookState;
if (curHook != NULL) {
// Otherwise, we have plugin hooks to run
this->sslHandshakeHookState = HANDSHAKE_HOOKS_INVOKE;
curHook->invoke(eventId, this);
reenabled = (this->sslHandshakeHookState != HANDSHAKE_HOOKS_INVOKE);
+ } else {
+ // no SNI-Hooks set, set state to HOOKS_DONE
+ // no plugins registered for this hook, return (reenabled == true)
+ sslHandshakeHookState = HANDSHAKE_HOOKS_DONE;
}
- this->sslHandshakeHookState = holdState;
return reenabled;
}
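Review bot: The `else` branch of the state test in callHooks returns `true` for every state other than HANDSHAKE_HOOKS_PRE, so a call that arrives while the state is HANDSHAKE_HOOKS_INVOKE reports the hooks as reenabled although a plugin callback is still pending. With `holdState` removed, INVOKE now persists after this function returns, and as far as the visible lines show only the new guard in sslServerHandShakeEvent (first hunk) keeps that case from being reached. Making the branch fail closed costs one line, `return HANDSHAKE_HOOKS_DONE == sslHandshakeHookState;`, with the comment changed to `// hooks already started: continue only once they are DONE`. Whether any caller relies on `true` in the CERT or INVOKE states cannot be seen from this hunk and should be confirmed.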
--