Re: svn commit: r1870095 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

2020-08-17 Thread Joe Orton 
On Mon, Aug 17, 2020 at 02:07:33PM +0200, Ruediger Pluem wrote:
> On 11/21/19 4:51 PM, jor...@apache.org wrote:
> > Author: jorton
> > Date: Thu Nov 21 15:51:32 2019
> > New Revision: 1870095
> > 
> > URL: http://svn.apache.org/viewvc?rev=1870095=rev
...
> > @@ -1132,6 +1144,17 @@ static int ssl_hook_Access_modern(reques
> >  }
> >  }
> >  
> > +/* Fill reneg buffer if required. */
> > +if (change_vmode) {
> 
> Why can't we put this block below the
> 
> if (change_vmode)
> 
> a few lines below?

Good question, thanks for the review.  No good reason, and moving the 
call after the r->connection->master test is presumably better.  Done in 
r1880927.

Regards, Joe

Re: svn commit: r1870095 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

2020-08-17 Thread Ruediger Pluem 



On 11/21/19 4:51 PM, jor...@apache.org wrote:
> Author: jorton
> Date: Thu Nov 21 15:51:32 2019
> New Revision: 1870095
> 
> URL: http://svn.apache.org/viewvc?rev=1870095=rev
> Log:
> Buffer HTTP request bodies for TLSv1.3 PHA in the same way as for
> TLSv<1.3 renegotiation.
> 
> * modules/ssl/ssl_engine_kernel.c (fill_reneg_buffer): Factor
>   out...
>   (ssl_hook_Access_classic): ... from here.
>   (ssl_hook_Access_modern): Use it here too.
> 
> Github: closes #75
> 
> Modified:
> httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
> 
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1870095=1870094=1870095=diff
> ==
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Thu Nov 21 15:51:32 2019

> @@ -1132,6 +1144,17 @@ static int ssl_hook_Access_modern(reques
>  }
>  }
>  
> +/* Fill reneg buffer if required. */
> +if (change_vmode) {

Why can't we put this block below the

if (change_vmode)

a few lines below?

> +rc = fill_reneg_buffer(r, dc);
> +if (rc) {
> +ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
> +  "could not buffer message body to allow "
> +  "TLS Post-Handshake Authentication to 
> proceed");
> +return rc;
> +}
> +}
> +
>  if (change_vmode) {
>  char peekbuf[1];

Regards

RĂ¼diger