bneradt commented on code in PR #12290:
URL: https://github.com/apache/trafficserver/pull/12290#discussion_r2153022765


##########
src/iocore/net/SSLNetVConnection.cc:
##########
@@ -1211,39 +1227,39 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err)
       
TLSEventSupport::get_ssl_handshake_hook_state_name(this->get_handshake_hook_state()));
 
   // All the pre-accept hooks have completed, proceed with the actual accept.
-  if (this->handShakeReader) {
+  bool const in_client_hello =
+    this->get_handshake_hook_state() == 
TLSEventSupport::SSLHandshakeHookState::HANDSHAKE_HOOKS_CLIENT_HELLO;
+  // We only feed CLIENT_HELLO bytes into our temporary buffers. If we are past
+  // the CLIENT_HELLO, then no need to buffer.
+  if (in_client_hello && this->handShakeReader) {
     if (BIO_eof(SSL_get_rbio(this->ssl))) { // No more data in the buffer
-      // Is this the first read?
-      if (!this->handShakeReader->is_read_avail_more_than(0) && 
!this->handShakeHolder->is_read_avail_more_than(0)) {
+                                            // Is this the first read?
 #if TS_USE_TLS_ASYNC
-        if (SSLConfigParams::async_handshake_enabled) {
-          SSL_set_mode(ssl, SSL_MODE_ASYNC);
-        }
+      if (SSLConfigParams::async_handshake_enabled) {
+        SSL_set_mode(ssl, SSL_MODE_ASYNC);
+      }
 #endif
 
-        Dbg(dbg_ctl_ssl, "%p first read\n", this);
-        // Read from socket to fill in the BIO buffer with the
-        // raw handshake data before calling the ssl accept calls.
-        int retval = this->read_raw_data();
-        if (retval < 0) {
-          if (retval == -EAGAIN) {
-            // No data at the moment, hang tight
-            SSLVCDebug(this, "SSL handshake: EAGAIN");
-            return SSL_HANDSHAKE_WANT_READ;
-          } else {
-            // An error, make us go away
-            SSLVCDebug(this, "SSL handshake error: read_retval=%d", retval);
-            return EVENT_ERROR;
-          }
-        } else if (retval == 0) {
-          // EOF, go away, we stopped in the handshake
-          SSLVCDebug(this, "SSL handshake error: EOF");
+      Dbg(dbg_ctl_ssl, "%p reading off the socket into our buffers", this);
+      // Read from socket to fill in the BIO buffer with the
+      // raw handshake data before calling the ssl accept calls.
+      int retval = this->read_raw_data();
+      if (retval < 0) {
+        if (retval == -EAGAIN) {
+          // No data at the moment, hang tight
+          SSLVCDebug(this, "SSL handshake: EAGAIN");
+          return SSL_HANDSHAKE_WANT_READ;
+        } else {
+          // An error, make us go away
+          SSLVCDebug(this, "SSL handshake error: read_retval=%d", retval);
           return EVENT_ERROR;
         }
-      } else {
-        update_rbio(false);
+      } else if (retval == 0) {
+        // EOF, go away, we stopped in the handshake
+        SSLVCDebug(this, "SSL handshake error: EOF");
+        return EVENT_ERROR;
       }
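Review bot: The comment `// Is this the first read?` survives on the new side, now hanging off the `BIO_eof` line, although the `is_read_avail_more_than(0)` test it described was removed, so it reads as if it describes the `TS_USE_TLS_ASYNC` block. I would drop it or replace it with something like `// BIO drained while still in CLIENT_HELLO: pull more raw bytes from the socket.` Separately, with the first-read guard gone, `read_raw_data()` runs on every pass where the BIO is empty during the CLIENT_HELLO hook state, and `SSL_set_mode(ssl, SSL_MODE_ASYNC)` is re-applied each time. Whether the handshake buffers are bounded for an unauthenticated peer that trickles an oversized ClientHello is not visible in this hunk, so it is worth confirming and noting in a comment here. The enclosing `if` block and `sslServerHandShakeEvent` continue beyond the quoted lines.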

Review Comment:
   The read_raw_data logic above does what update_rbio would have been doing 
(read from the socket and populate our buffers), so there is no need to call it here.


