On Thu, Oct 1, 2015 at 3:54 PM, Plüm, Rüdiger, Vodafone Group
<[email protected]> wrote:
>>
>> Looks like neither ssl23_client_hello nor ssl23_write_bytes causes
>> BIO_flush to be called.
>
> Dumped the wrong memory section for a HEAP bucket. The contents of the heap
> bucket are actually (now a different session):
>
> (gdb) x/70x 0x7f03a801c0e8
> 0x7f03a801c0e8: 0x01010316      0x0100010c      0x56030308      0xcbee2e0d
> 0x7f03a801c0f8: 0x08b833ba      0xfc96ae2b      0xba2b9a9b      0xa67ea8d2
> 0x7f03a801c108: 0x0ef75ce9      0xb398fba7      0x004fe092      0x30c08a00
> 0x7f03a801c118: 0x28c02cc0      0x14c024c0      0xa3000ac0      0x6b009f00
> 0x7f03a801c128: 0x39006a00      0x88003800      0x32c08700      0x2ac02ec0
> 0x7f03a801c138: 0x0fc026c0      0x9d0005c0      0x35003d00      0x2fc08400
> 0x7f03a801c148: 0x27c02bc0      0x13c023c0      0xa20009c0      0x67009e00
> 0x7f03a801c158: 0x33004000      0x12c03200      0x450008c0      0x16004400
> 0x7f03a801c168: 0x31c01300      0x29c02dc0      0x0ec025c0      0x0dc004c0
> 0x7f03a801c178: 0x9c0003c0      0x2f003c00      0x0a004100      0x99009a00
> 0x7f03a801c188: 0x07009600      0x07c011c0      0x02c00cc0      0x04000500
> 0x7f03a801c198: 0x12001500      0xff000900      0x55000001      0x0e000000
> 0x7f03a801c1a8: 0x00000c00      0x636f6c09      0x6f686c61      0x0b007473
> 0x7f03a801c1b8: 0x00030400      0x0a000201      0x06000800      0x18001900
> 0x7f03a801c1c8: 0x23001700      0x0d000000      0x20002200      0x02060106
> 0x7f03a801c1d8: 0x01050306      0x03050205      0x02040104      0x01030304
> 0x7f03a801c1e8: 0x03030203      0x02020102      0x01010302      0x01000f00
> 0x7f03a801c1f8: 0x00000001      0x00000000
>
> And this is indeed a client hello.

Yes, I checked openssl's ssl23_client_hello() and indeed there is no
flush from there...

Actually I don't see any flush in any SSL_method*() during handshake
but at the end of it...

So we probably should go for something like:

Index: modules/ssl/ssl_engine_io.c
===================================================================
--- modules/ssl/ssl_engine_io.c    (revision 1706228)
+++ modules/ssl/ssl_engine_io.c    (working copy)
@@ -452,6 +452,7 @@ static int bio_filter_in_read(BIO *bio, char *in,
     apr_size_t inl = inlen;
     bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *)(bio->ptr);
     apr_read_type_e block = inctx->block;
+    int do_flush;

     inctx->rc = APR_SUCCESS;

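Review bot: `int do_flush;` is declared without an initializer at the top of bio_filter_in_read(), and its only assignments are inside the `#if`/`#else` branches of the next hunk. That works as long as both branches keep assigning it, but a later edit to the preprocessor block could leave it unset before the `if (do_flush && ...)` test. Consider initializing it at the declaration, or dropping the variable and putting the condition directly in the `if`.
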
@@ -466,21 +467,25 @@ static int bio_filter_in_read(BIO *bio, char *in,
     }

     /* In theory, OpenSSL should flush as necessary, but it is known
-     * not to do so correctly in some cases (< 0.9.8m); see PR 46952.
+     * not to do so correctly in some cases (< 0.9.8m; see PR 46952),
+     * or on the proxy/client side (after ssl23_client_hello(), eg.
+     * ssl/proxy.t test suite).
+     *
+     * Historically, this flush call was performed only for an SSLv2
+     * connection or for a proxy connection.  Calling _out_flush can
+     * be expensive in cases where requests/reponses are pipelined,
+     * so limit the performance impact to handshake time.
      */
 #if OPENSSL_VERSION_NUMBER < 0x0009080df
-    /* Historically, this flush call was performed only for an SSLv2
-     * connection or for a proxy connection.  Calling _out_flush
-     * should be very cheap in cases where it is unnecessary (and no
-     * output is buffered) so the performance impact of doing it
-     * unconditionally should be minimal.
-     */
-    if (bio_filter_out_flush(inctx->bio_out) < 0) {
+    do_flush = 1;
+#else
+    do_flush = !SSL_is_init_finished(inctx->ssl);
+#endif
+    if (do_flush && bio_filter_out_flush(inctx->bio_out) < 0) {
         bio_filter_out_ctx_t *outctx = inctx->bio_out->ptr;
         inctx->rc = outctx->rc;
         return -1;
     }
-#endif

     BIO_clear_retry_flags(bio);

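Review bot: in the `#else` branch, `do_flush = !SSL_is_init_finished(inctx->ssl);` turns the flush on for every read made before the handshake completes, on any connection that goes through this filter, while the new comment motivates it only by the proxy/client side after ssl23_client_hello(). If flushing on server-side handshakes as well is intended, the comment should say so; if not, the condition needs a proxy-side check in addition to the handshake state. The expression also dereferences `inctx->ssl` with no check visible in this hunk, so it is worth confirming that the pointer is always set before the first read. Minor: "reponses" in the added comment should be "responses", and the added "Historically ..." paragraph now sits above the `#if` even though it describes the old version-specific behaviour, which makes the comment harder to follow.
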
--

This makes the tests work for me...

Regards,
Yann.
