bneradt commented on code in PR #12290:
URL: https://github.com/apache/trafficserver/pull/12290#discussion_r2153014642


##########
src/iocore/net/SSLNetVConnection.cc:
##########
@@ -568,7 +578,13 @@ SSLNetVConnection::net_read_io(NetHandler *nh)
       }
       // move over to the socket if we haven't already
       if (this->handShakeBuffer != nullptr) {
-        read.triggered = update_rbio(true);
+        bool const in_client_hello =
+          this->get_handshake_hook_state() == 
TLSEventSupport::SSLHandshakeHookState::HANDSHAKE_HOOKS_CLIENT_HELLO;
+        // Only transfer buffers to the socket once the CLIENT_HELLO is
+        // finished. We need to keep our buffers updated until then in case we
+        // enter tunnel mode.
+        Dbg(dbg_ctl_ssl, "Updating our buffers, in CLIENT_HELLO: %s", 
in_client_hello ? "true" : "false");
+        read.triggered = update_rbio(!in_client_hello);
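
Review bot: the `in_client_hello` test is a strict equality against `HANDSHAKE_HOOKS_CLIENT_HELLO`, while the new comment promises that buffers are only transferred "once the CLIENT_HELLO is finished". If the connection can sit in any other hook state while the CLIENT_HELLO is still being processed (none is visible in this hunk), `update_rbio(!in_client_hello)` would receive `true` there, as the old unconditional call did, and the bytes the comment wants kept for tunnel mode would stop being retained. Either confirm that this one state covers the whole CLIENT_HELLO window or say so in the comment. Because the retained data comes from the peer before the handshake completes, the comment could also note what bounds the size of `handShakeBuffer` during that window.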

Review Comment:
   Only transition to socket mode from our manually fed buffer if we're not 
still processing the CLIENT_HELLO. While we process the CLIENT_HELLO, we need 
to keep buffering it in case we want to replay it in the blind tunnel case.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.