bneradt commented on code in PR #12290: URL: https://github.com/apache/trafficserver/pull/12290#discussion_r2153014642
########## src/iocore/net/SSLNetVConnection.cc: ########## @@ -568,7 +578,13 @@ SSLNetVConnection::net_read_io(NetHandler *nh) } // move over to the socket if we haven't already if (this->handShakeBuffer != nullptr) { - read.triggered = update_rbio(true); + bool const in_client_hello = + this->get_handshake_hook_state() == TLSEventSupport::SSLHandshakeHookState::HANDSHAKE_HOOKS_CLIENT_HELLO; + // Only transfer buffers to the socket once the CLIENT_HELLO is + // finished. We need to keep our buffers updated until then in case we + // enter tunnel mode. + Dbg(dbg_ctl_ssl, "Updating our buffers, in CLIENT_HELLO: %s", in_client_hello ? "true" : "false"); + read.triggered = update_rbio(!in_client_hello); Review Comment: Only transition to socket mode from our manually fed buffer if we're not still processing the CLIENT_HELLO. While we process the CLIENT_HELLO, we need to keep buffering it in case we want to replay it in the blind tunnel case.
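
Review bot: the `in_client_hello` test at the top of the added lines is an equality check against `HANDSHAKE_HOOKS_CLIENT_HELLO` only, so in every other hook state `update_rbio(!in_client_hello)` still passes `true`, exactly as the removed line did, while the new comment says buffers move to the socket only "once the CLIENT_HELLO is finished". If this branch can be reached in a state that precedes the CLIENT_HELLO hooks, the buffer meant for replay would already be handed off; please either say in the comment that no earlier state can arrive here with `handShakeBuffer != nullptr`, or widen the condition to cover those states. Two smaller points: the hunk shows no limit on how much is held in `handShakeBuffer` while the state stays at CLIENT_HELLO, so it is worth pointing to where that is bounded, and the `Dbg` call runs on every pass through this branch of `net_read_io`, which may be noisy when `dbg_ctl_ssl` is on.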