bneradt commented on code in PR #12290: URL: https://github.com/apache/trafficserver/pull/12290#discussion_r2153021642
########## src/iocore/net/SSLNetVConnection.cc: ##########
@@ -1211,39 +1227,39 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err) TLSEventSupport::get_ssl_handshake_hook_state_name(this->get_handshake_hook_state())); // All the pre-accept hooks have completed, proceed with the actual accept. - if (this->handShakeReader) { + bool const in_client_hello = + this->get_handshake_hook_state() == TLSEventSupport::SSLHandshakeHookState::HANDSHAKE_HOOKS_CLIENT_HELLO; + // We only feed CLIENT_HELLO bytes into our temporary buffers. If we are past + // the CLIENT_HELLO, then no need to buffer. + if (in_client_hello && this->handShakeReader) { if (BIO_eof(SSL_get_rbio(this->ssl))) { // No more data in the buffer - // Is this the first read? - if (!this->handShakeReader->is_read_avail_more_than(0) && !this->handShakeHolder->is_read_avail_more_than(0)) { + // Is this the first read? #if TS_USE_TLS_ASYNC

Review Comment:
If the CLIENT_HELLO is split on multiple packets, then we need to call `this->read_raw_data` for each packet (see 1246). Before this change, we assumed we would only ever need to call it once, thus we only called it if handShakeReader/Holder was empty. This change makes us do the raw read for each packet that comes in, so we can populate our buffered CLIENT_HELLO and feed it to the SSL socket.
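
Review bot: The comment `// Is this the first read?` kept at the end of the hunk is stale, because the `is_read_avail_more_than(0)` test on handShakeReader and handShakeHolder that it described is removed. Replace it with a comment stating what the block now does on every pass through `BIO_eof(SSL_get_rbio(this->ssl))`, so the next reader does not go looking for a first-read condition. Separately, with `if (in_client_hello && this->handShakeReader)` the whole block is skipped once the hook state is past HANDSHAKE_HOOKS_CLIENT_HELLO even when handShakeReader is still set. The visible lines do not show where bytes still held in handShakeReader or handShakeHolder are consumed or released at that point, so please confirm that path or add a comment pointing to it.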