bneradt commented on a change in pull request #8610:
URL: https://github.com/apache/trafficserver/pull/8610#discussion_r789901835



##########
File path: iocore/net/SSLNetVConnection.cc
##########
@@ -2014,15 +2021,61 @@ SSLNetVConnection::_ssl_accept()
 
 #if TS_HAS_TLS_EARLY_DATA
   if (SSLConfigParams::server_max_early_data > 0 && !this->_early_data_finish) 
{
-    size_t nread;
+#if HAVE_SSL_READ_EARLY_DATA
+    size_t nread = 0;
+#else
+    ssize_t nread = 0;
+#endif
 
     while (true) {
-      IOBufferBlock *block = new_IOBufferBlock();
+      bool had_error_on_reading_early_data = false;
+      bool finished_reading_early_data     = false;
+      IOBufferBlock *block                 = new_IOBufferBlock();
       block->alloc(BUFFER_SIZE_INDEX_16K);
-      ret = SSL_read_early_data(ssl, block->buf(), 
index_to_buffer_size(BUFFER_SIZE_INDEX_16K), &nread);
 
+#if HAVE_SSL_READ_EARLY_DATA
+      ret = SSL_read_early_data(ssl, block->buf(), 
index_to_buffer_size(BUFFER_SIZE_INDEX_16K), &nread);
       if (ret == SSL_READ_EARLY_DATA_ERROR) {
-        Debug("ssl_early_data", "SSL_READ_EARLY_DATA_ERROR");
+        had_error_on_reading_early_data = true;
+      } else if (ret == SSL_READ_EARLY_DATA_FINISH) {
+        finished_reading_early_data = true;
+      }
+#else
+      ret = SSL_accept(ssl);
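Review bot: `nread` becomes a signed `ssize_t` on the `#else` path, and nothing in the quoted lines shows it being checked before it is used as a length. The code that consumes `nread` lies beyond the quoted part of the loop. If that code fills `block` or adds to the running early-data total that is bounded by `server_max_early_data`, it should do so only when `nread > 0`, so that a failed read cannot shrink the total or turn into a huge unsigned size. A comment at the declaration would make the contract explicit, for example `// signed on this path: the read used here can report failure as a negative count`.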

Review comment:
       Let's comment the `#else` block indicating that it is the BoringSSL 
implementation. (You've done that elsewhere in this patch, I think it would be 
good here as well.)

##########
File path: iocore/net/SSLNetVConnection.cc
##########
@@ -2205,15 +2262,45 @@ SSLNetVConnection::_ssl_read_buffer(void *buf, int64_t 
nbytes, int64_t &nread)
     }
 
     if (SSLConfigParams::server_max_early_data > 0 && 
!this->_early_data_finish) {
+      bool had_error_on_reading_early_data = false;
+      bool finished_reading_early_data     = false;
       Debug("ssl_early_data", "More early data to read.");
       ssl_error_t ssl_error = SSL_ERROR_NONE;
-      size_t read_bytes     = 0;
-
-      int ret = SSL_read_early_data(ssl, buf, static_cast<size_t>(nbytes), 
&read_bytes);
+      int ret;
+#if HAVE_SSL_READ_EARLY_DATA
+      size_t read_bytes = 0;
+#else
+      ssize_t read_bytes = 0;
+#endif
 
+#ifdef HAVE_SSL_READ_EARLY_DATA
+      ret = SSL_read_early_data(ssl, buf, static_cast<size_t>(nbytes), 
&read_bytes);
       if (ret == SSL_READ_EARLY_DATA_ERROR) {
-        Debug("ssl_early_data", "SSL_READ_EARLY_DATA_ERROR");
-        ssl_error = SSL_get_error(ssl, ret);
+        had_error_on_reading_early_data = true;
+        ssl_error                       = SSL_get_error(ssl, ret);
+      } else if (ret == SSL_READ_EARLY_DATA_FINISH) {
+        finished_reading_early_data = true;
+      }
+#else
+      if (SSL_in_early_data(ssl)) {
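Review bot: The two preprocessor guards in this hunk test the macro differently: the `read_bytes` declaration uses `#if HAVE_SSL_READ_EARLY_DATA`, while the call site uses `#ifdef HAVE_SSL_READ_EARLY_DATA`. If the build defines the macro as 0, the first selects `ssize_t read_bytes` and the second still compiles `SSL_read_early_data(..., &read_bytes)`, which expects a `size_t *`. Use one form throughout, for example `#if HAVE_SSL_READ_EARLY_DATA` at the call site, as in the `_ssl_accept()` hunk. Separately, `int ret;` is no longer initialised at its declaration. The `#else` branch continues outside the quoted lines; if it can skip the assignment when `SSL_in_early_data(ssl)` is false, later checks of `ret` would read an indeterminate value, so `int ret = 0;` is the safer declaration.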

Review comment:
       Let's also comment this as the BoringSSL version.



