[
https://issues.apache.org/jira/browse/PROTON-2736?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Clifford Jansen resolved PROTON-2736.
-------------------------------------
Resolution: Fixed
> TLS OpenSSL library: hang with large application data frames
> ------------------------------------------------------------
>
> Key: PROTON-2736
> URL: https://issues.apache.org/jira/browse/PROTON-2736
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-c
> Affects Versions: proton-c-0.38.0
> Reporter: Clifford Jansen
> Assignee: Clifford Jansen
> Priority: Major
> Fix For: proton-c-0.39.0
>
>
> OpenSSL maintains a buffer large enough for the largest possible TLS protocol
> record + 1K. The Proton TLS decrypt loop is unaware of record boundaries and
> repeatedly adds encrypted bytes at one end and takes out decrypted bytes at
> the other, stopping when there is no more to decrypt or no more application
> buffer space to move decrypted content into.
> It also tests if there are remaining decrypted bytes available should the
> application provide additional buffers. This test can fail in the case that
> the OpenSSL buffer is completely filled with:
> handshake record > 1K followed by
> partial max sized application data record
> The SSL_peek operation will not see any application data and Proton
> "remembers" the full buffer without allowing that the handshake record has
> been processed and the buffer is no longer full.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
