On 02/06/2017 01:31 PM, Yann Ylavic wrote: > On Mon, Feb 6, 2017 at 12:53 PM, Plüm, Rüdiger, Vodafone Group > <[email protected]> wrote: >> >> IMHO we currently fail after we processed an EOC (no matter if in the >> same brigade or in a follow up brigade) and we should continue doing >> so. > > We fail in the same brigade thanks to ssl_filter_write() when pssl is > NULL, but I think that if we wanted to also fail for subsequent > brigades, we need something like: > > Index: modules/ssl/ssl_engine_io.c > =================================================================== > --- modules/ssl/ssl_engine_io.c (revision 1781582) > +++ modules/ssl/ssl_engine_io.c (working copy) > @@ -1777,14 +1775,15 @@ static apr_status_t ssl_io_filter_output(ap_filter > return APR_ECONNABORTED; > } > > - /* Reinstate any buffered content */ > - ap_filter_reinstate_brigade(f, bb, &flush_upto); > - > if (!filter_ctx->pssl) { > /* ssl_filter_io_shutdown was called */ > - return ap_pass_brigade(f->next, bb); > + apr_brigade_cleanup(bb); > + return APR_EGENERAL; > } > > + /* Reinstate any buffered content */ > + ap_filter_reinstate_brigade(f, bb, &flush_upto); > + > inctx = (bio_filter_in_ctx_t *)BIO_get_data(filter_ctx->pbioRead); > outctx = (bio_filter_out_ctx_t *)BIO_get_data(filter_ctx->pbioWrite); >
Yes you are correct. I missed that. So some sort of inconsistent behavior here currently. I still think that we should not pass on any data here. Only metadata seems to be acceptable. But this would require more logic. Regards Rüdiger
