On 02/06/2017 01:31 PM, Yann Ylavic wrote:
> On Mon, Feb 6, 2017 at 12:53 PM, Plüm, Rüdiger, Vodafone Group
> wrote:
>>
>> IMHO we currently fail after we processed an EOC (no matter if in the
>> same brigade or in a follow up brigade) and we should continue doing
>> so.
>
> We fail in the same brigade thanks to ssl_filter_write() when pssl is
> NULL, but I think that if we wanted to also fail for subsequent
> brigades, we need something like:
>
> Index: modules/ssl/ssl_engine_io.c
> ===
> --- modules/ssl/ssl_engine_io.c(revision 1781582)
> +++ modules/ssl/ssl_engine_io.c(working copy)
> @@ -1777,14 +1775,15 @@ static apr_status_t ssl_io_filter_output(ap_filter
> return APR_ECONNABORTED;
> }
>
> -/* Reinstate any buffered content */
> -ap_filter_reinstate_brigade(f, bb, &flush_upto);
> -
> if (!filter_ctx->pssl) {
> /* ssl_filter_io_shutdown was called */
> -return ap_pass_brigade(f->next, bb);
> +apr_brigade_cleanup(bb);
> +return APR_EGENERAL;
> }
>
> +/* Reinstate any buffered content */
> +ap_filter_reinstate_brigade(f, bb, &flush_upto);
> +
> inctx = (bio_filter_in_ctx_t *)BIO_get_data(filter_ctx->pbioRead);
> outctx = (bio_filter_out_ctx_t *)BIO_get_data(filter_ctx->pbioWrite);
>
Yes you are correct. I missed that. So some sort of inconsistent behavior here
currently.
I still think that we should not pass on any data here. Only metadata seems to
be acceptable.
But this would require more logic.
Regards
Rüdiger
