authorArno Töll <arno@debian.org>2013-12-23 23:50:09 -1100
committerArno Töll <arno@debian.org>2013-12-23 23:50:09 -1100
commit86d5cc79d9d6750da8771fdb0c9ab22c19b8ad45 (patch)
tree5037da70bf37c0ee93f0ea09f054bdfb278befe0 /modules/ssl/ssl_engine_io.c
parent4a336a5b117419c33c29eadd6409c69df78cd586 (diff)
downloadapache2-86d5cc79d9d6750da8771fdb0c9ab22c19b8ad45.tar.gz
Imported Upstream version 2.4.7upstream/2.4.7
Diffstat (limited to 'modules/ssl/ssl_engine_io.c')
-rw-r--r--modules/ssl/ssl_engine_io.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index d135bd38..7f60cc27 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -775,6 +775,18 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
*/
outctx->rc = APR_EAGAIN;
}
+ else if (ssl_err == SSL_ERROR_WANT_READ) {
+ /*
+ * If OpenSSL wants to read during write, and we were
+ * nonblocking, set the sense explicitly to read and
+ * report as an EAGAIN.
+ *
+ * (This is usually the case when the client forces an SSL
+ * renegotiation which is handled implicitly by OpenSSL.)
+ */
+ outctx->c->cs->sense = CONN_SENSE_WANT_READ;
+ outctx->rc = APR_EAGAIN;
+ }
else if (ssl_err == SSL_ERROR_SYSCALL) {
ap_log_cerror(APLOG_MARK, APLOG_INFO, outctx->rc, c, APLOGNO(01993)
"SSL output filter write failed.");
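Review bot: The new `SSL_ERROR_WANT_READ` branch dereferences `outctx->c->cs` without a NULL check, while the `ssl_io_filter_init` hunk in this same commit guards on `if (c->cs)`, which implies the pointer can be NULL. If this branch is reachable on a connection without conn state (the comment says a client-forced renegotiation triggers it), the write path would crash the worker on a NULL dereference, so I would guard the assignment: `if (outctx->c->cs) outctx->c->cs->sense = CONN_SENSE_WANT_READ;`. Whether WANT_READ can actually occur when the write BIO is left blocking is decided outside this hunk, so this needs confirming against the input BIO code. `ssl_filter_write` starts and ends outside the hunk.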
@@ -1048,7 +1060,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
server = sslconn->server;
if (sslconn->is_proxy) {
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
apr_ipsubnet_t *ip;
#endif
const char *hostname_note = apr_table_get(c->notes,
@@ -1056,7 +1068,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
BOOL proxy_ssl_check_peer_ok = TRUE;
sc = mySrvConfig(server);
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
/*
* Enable SNI for backend requests. Make sure we don't do it for
* pure SSLv3 connections, and also prevent IP addresses
@@ -1902,8 +1914,10 @@ void ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl)
filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method);
filter_ctx->pbioWrite->ptr = (void *)bio_filter_out_ctx_new(filter_ctx, c);
- /* We insert a clogging input filter. Let the core know. */
- c->clogging_input_filters = 1;
+ /* write is non blocking for the benefit of async mpm */
+ if (c->cs) {
+ BIO_set_nbio(filter_ctx->pbioWrite, 1);
+ }
ssl_io_input_add_filter(filter_ctx, c, r, ssl);
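Review bot: The new comment does not explain why the write BIO is switched to non-blocking only under `if (c->cs)`, nor what the write path must now handle. I would expand it to something like `/* Non-blocking writes only when the connection has conn state (c->cs, presumably set by async MPMs); ssl_filter_write then reports WANT_READ as APR_EAGAIN. */`. The commit also drops `c->clogging_input_filters = 1` with no replacement remark, so a short comment on why the core no longer needs that hint would help the next reader. `ssl_io_filter_init` continues outside the hunk.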