Susan Hinrichs created TS-3372:
----------------------------------
Summary: Need to find another solution to SSL_set_rbio
Key: TS-3372
URL: https://issues.apache.org/jira/browse/TS-3372
Project: Traffic Server
Issue Type: Bug
Components: SSL
Reporter: Susan Hinrichs

We currently use read-only membuf BIOs to feed the handshake buffers into the
SSL_accept. We added this to enable an SSL connection to transition into a
blind tunneled connection. We would have the first packet in an io buffer ready
to send on to the origin server if the plugin decided to blind tunnel.

To make this work, we would have to reset the read BIO on each packet, since we
are passing in read-only pointers to our io buffer structures.

OpenSSL provides an SSL_set_bio() call that lets you reset the read and write
BIOs for the SSL. And you could use SSL_get_wbio() to feed back in the same
write BIO. But in the code, if buffered output is enabled (which it is in our
case), the write BIO state is changed even if the write BIO we pass in is
identical to the write BIO that is already present.

To make things work, I added an SSL_set_rbio that only frees and sets the rbio.
This works fine for us. But with the next major version (1.1) we will not be
able to read into the ssl data structure and adjust the rbio field directly.
Either we need to find the official approved solution to this problem or get
them to add one.

We have also discussed bypassing the OpenSSL buffering and using ATS buffering
based on io buffers.