On 14 Aug 2013, at 22:43, Stefan Fritsch <s...@sfritsch.de> wrote:

> Unfortunately, I haven't been able to trigger the new code path in 
> mod_ssl being actually used. Do you have any example setup/situation, 
> where the SSL_ERROR_WANT_READ case is actually hit?

I suspect you have misunderstood the problem the patch tries to fix.

SSL negotiation and renegotiation involve both reads and writes, and these 
reads might be performed inside SSL_write, and these writes might be performed 
inside SSL_read.

When OpenSSL is switched to async mode, it returns two distinct codes to 
signify that the sense of the poll must be changed. Historically the core was 
oblivious to this requirement, and happily tried to poll for read when OpenSSL 
had asked for permission to write. With nothing to be read, the connection 
would hang indefinitely.

This patch fixed two things. It taught the core how to respect the sense 
requested by OpenSSL, and it removed the hack that forced SSL connections to be 
sync only.

What this patch does not attempt to do is optimize the filters to switch to 
write completion mode earlier on in the response. That is a completely separate 
problem requiring a separate fix. That problem is probably as simple to fix as 
teaching mod_ssl to detect when an EOS bucket is present in the brigade, 
hopefully but not necessarily behind a file bucket, and if so, set aside the 
brigade and switch on write completion. Next time round, serve from the set 
aside brigade in write completion mode until done.

Regards,
Graham
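An added illustration of the point made in the message above, not part of the original e-mail and not mod_ssl code: it drives OpenSSL through Python's standard `ssl` module over memory BIOs, so no socket or network is involved. The helper names and the host name `example.test` are assumptions made for this example.

```python
import selectors
import ssl


def new_client():
    """Client-side TLS engine over memory BIOs: no socket, no network."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "example.test" is a constructed name; nothing is resolved or sent.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")
    return tls, outgoing


def poll_sense(operation):
    """Run one non-blocking TLS call and return the event to poll for next.

    None means the call completed and no wait is needed.
    """
    try:
        operation()
    except ssl.SSLWantReadError:       # OpenSSL returned SSL_ERROR_WANT_READ
        return selectors.EVENT_READ
    except ssl.SSLWantWriteError:      # OpenSSL returned SSL_ERROR_WANT_WRITE
        return selectors.EVENT_WRITE
    return None


def write_before_handshake():
    """An application write that has to negotiate first, so it needs a read."""
    tls, outgoing = new_client()
    sense = poll_sense(lambda: tls.write(b"GET / HTTP/1.1\r\n\r\n"))
    return sense, outgoing.pending


def read_before_handshake():
    """An application read that emits handshake bytes (a write) on the way."""
    tls, outgoing = new_client()
    sense = poll_sense(lambda: tls.read(4096))
    return sense, outgoing.pending


if __name__ == "__main__":
    for name, fn in (("write", write_before_handshake),
                     ("read", read_before_handshake)):
        sense, queued = fn()
        wanted = "READ" if sense == selectors.EVENT_READ else "WRITE"
        print(f"{name}: poll for {wanted}, {queued} handshake bytes queued")
```

The caller has to poll for whatever `poll_sense` returns, whichever call it was attempting, and then retry that same call.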