Merge branch 'master' into quic-latest

* master: Fix a link error on traffi_quic command (#7433) Fix stall on outbound TLS handshake (#7432) Fix the Proxy Verifier AuTest extension to handle cert paths correctly (#7415) Update documentation for TSSslSessionInsert (#7420) Improve zlib detection logic (#7430) Fix parent connect fail segfault (#7429)
apache · Jan 20, 2021 · c40d95a · c40d95a
2 parents 573035c + ecd70df
commit c40d95a
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 34 deletions.
diff --git a/build/zlib.m4 b/build/zlib.m4
@@ -22,13 +22,12 @@ dnl
 dnl TS_CHECK_ZLIB: look for zlib libraries and headers
 dnl
 AC_DEFUN([TS_CHECK_ZLIB], [
-enable_zlib=no
+enable_zlib=yes
 AC_ARG_WITH(zlib, [AC_HELP_STRING([--with-zlib=DIR],[use a specific zlib library])],
 [
   if test "x$withval" != "xyes" && test "x$withval" != "x"; then
     zlib_base_dir="$withval"
     if test "$withval" != "no"; then
-      enable_zlib=yes
       case "$withval" in
       *":"*)
         zlib_include="`echo $withval |sed -e 's/:.*$//'`"
@@ -46,7 +45,6 @@ AC_ARG_WITH(zlib, [AC_HELP_STRING([--with-zlib=DIR],[use a specific zlib library
 ])
 
 if test "x$zlib_base_dir" = "x"; then
-  AC_MSG_CHECKING([for zlib location])
   AC_CACHE_VAL(ats_cv_zlib_dir,[
   for dir in /usr/local /usr ; do
     if test -d $dir && test -f $dir/include/zlib.h; then
@@ -56,19 +54,15 @@ if test "x$zlib_base_dir" = "x"; then
   done
   ])
   zlib_base_dir=$ats_cv_zlib_dir
-  if test "x$zlib_base_dir" = "x"; then
-    enable_zlib=no
-    AC_MSG_RESULT([not found])
-  else
-    enable_zlib=yes
+  if test "x$zlib_base_dir" != "x"; then
     zlib_include="$zlib_base_dir/include"
     zlib_ldflags="$zlib_base_dir/lib"
-    AC_MSG_RESULT([$zlib_base_dir])
   fi
 else
   if test -d $zlib_include && test -d $zlib_ldflags && test -f $zlib_include/zlib.h; then
     AC_MSG_RESULT([ok])
   else
+    enable_zlib=no
     AC_MSG_RESULT([not found])
   fi
 fi
@@ -78,7 +72,7 @@ if test "$enable_zlib" != "no"; then
   saved_cppflags=$CPPFLAGS
   zlib_have_headers=0
   zlib_have_libs=0
-  if test "$zlib_base_dir" != "/usr"; then
+  if test "$zlib_base_dir" != "/usr" && test "x$zlib_base_dir" != "x"; then
     TS_ADDTO(CPPFLAGS, [-I${zlib_include}])
     TS_ADDTO(LDFLAGS, [-L${zlib_ldflags}])
     TS_ADDTO_RPATH(${zlib_ldflags})

diff --git a/doc/developer-guide/api/functions/TSSslSession.en.rst b/doc/developer-guide/api/functions/TSSslSession.en.rst
@@ -30,7 +30,7 @@ Synopsis
 
 .. function:: TSSslSession TSSslSessionGet(const TSSslSessionID * sessionid)
 .. function:: int TSSslSessionGetBuffer(const TSSslSessionID * sessionid, char * buffer, int * len_ptr)
-.. function:: TSReturnCode TSSslSessionInsert(const TSSslSessionID * sessionid, TSSslSession addSession)
+.. function:: TSReturnCode TSSslSessionInsert(const TSSslSessionID * sessionid, TSSslSession addSession, TSSslConnection ssl_conn)
 .. function:: TSReturnCode TSSslSessionRemove(const TSSslSessionID * sessionid)
 .. function:: void TSSslTicketKeyUpdate(char * ticketData, int ticketDataLength)
 
@@ -54,7 +54,8 @@ returns 0.
 
 :func:`TSSslSessionGetBuffer` returns the session information serialized in a buffer that can be shared between processes.
 When the function is called len_ptr should point to the amount of space
-available in the buffer parameter.  The function returns the amount of data really needed to encode the session.  len_ptr is updated with the amount of data actually stored in the buffer.
+available in the buffer parameter.  The function returns the amount of data really needed to encode the session.  len_ptr is
+updated with the amount of data actually stored in the buffer.
 :func:`TSSslSessionGetBuffer` will not overrun the provided buffer, but the caller should ensure that the data's size was not larger
 than the buffer by comparing the returned value with the value of len_ptr. If the returned value is larger than the buffer size,
 then the session data did not fit in the buffer and the session data stored in the buffer output variable should not be used.
@@ -69,5 +70,5 @@ If there is already an entry in the cache for the session id key, it is first re
 updating the session ticket encrypt key file with new data and reloading the current ATS process.  However, this API does not
 require writing session ticket encryption keys to disk.
 
-If both the ticket key files and :func:`TSSslTicketKeyUpdate` are used to update session ticket encryption keys, ATS will use the most recent update
-regardless if whether it was made by file and configuration reload or API.
+If both the ticket key files and :func:`TSSslTicketKeyUpdate` are used to update session ticket encryption keys, ATS will use the
+most recent update regardless if whether it was made by file and configuration reload or API.
diff --git a/iocore/net/quic/QUICPacketReceiveQueue.cc b/iocore/net/quic/QUICPacketReceiveQueue.cc
@@ -24,9 +24,11 @@
 #include "QUICPacketReceiveQueue.h"
 #include "QUICPacketHeaderProtector.h"
 #include "QUICPacketFactory.h"
-
 #include "QUICIntUtil.h"
 
+#include "P_UDPConnection.h"
+#include "P_UDPPacket.h"
+
 static bool
 is_vn(QUICVersion v)
 {

diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
@@ -6119,9 +6119,7 @@ HttpSM::attach_server_session(Http1ServerSession *s)
   // first tunnel was sometimes behind handled by the consumer of the
   // first tunnel instead of the producer of the second tunnel.
   // The real read is setup in setup_server_read_response_header()
-  //
-  // Keep the read disabled until setup_server_read_response_header
-  server_entry->read_vio = server_session->do_io_read(this, 0, nullptr);
+  server_entry->read_vio = server_session->do_io_read(this, 0, server_session->read_buffer);
 
   // Transfer control of the write side as well
   server_entry->write_vio = server_session->do_io_write(this, 0, nullptr);

diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
@@ -380,6 +380,10 @@ response_is_retryable(HttpTransact::State *s, HTTPStatus response_code)
 inline static void
 simple_or_unavailable_server_retry(HttpTransact::State *s)
 {
+  if (!HttpTransact::is_response_valid(s, &s->hdr_info.server_response)) {
+    return; // must return now if the response isn't valid, before calling http_hdr_status_get on uninitialized data
+  }
+
   HTTPStatus server_response = http_hdr_status_get(s->hdr_info.server_response.m_http);
   switch (response_is_retryable(s, server_response)) {
   case PARENT_RETRY_SIMPLE:

diff --git a/tests/gold_tests/autest-site/verifier_client.test.ext b/tests/gold_tests/autest-site/verifier_client.test.ext
@@ -78,10 +78,8 @@ def _configure_client(obj, process, name, replay_path, http_ports=None,
                 raise ValueError("Tried to use '{}' for --client-cert, but it is not "
                                  "a valid file.".format(ssl_cert))
         if ssl_cert:
-            run_ssl_cert = ssl_cert
-            if os.path.isfile(ssl_cert):
-                run_ssl_cert = os.path.join(client_dir, os.path.basename(ssl_cert))
-                process.Setup.Copy(ssl_cert, run_ssl_cert, CopyLogic.SoftFiles)
+            run_ssl_cert = os.path.join(client_dir, os.path.basename(ssl_cert))
+            process.Setup.Copy(ssl_cert, run_ssl_cert, CopyLogic.SoftFiles)
             command += ' --client-cert "{}" '.format(run_ssl_cert)
 
         if ca_cert == '':
@@ -92,10 +90,8 @@ def _configure_client(obj, process, name, replay_path, http_ports=None,
                 raise ValueError("Tried to use '{}' for --ca-certs, but it is not "
                                  "a valid file.".format(ca_cert))
         if ca_cert:
-            run_ca_cert = ca_cert
-            if os.path.isfile(ca_cert):
-                run_ca_cert = os.path.join(client_dir, os.path.basename(ca_cert))
-                process.Setup.Copy(ca_cert, run_ca_cert, CopyLogic.SoftFiles)
+            run_ca_cert = os.path.join(client_dir, os.path.basename(ca_cert))
+            process.Setup.Copy(ca_cert, run_ca_cert, CopyLogic.SoftFiles)
             command += ' --ca-certs "{}" '.format(run_ca_cert)
 
     if other_args:

diff --git a/tests/gold_tests/autest-site/verifier_server.test.ext b/tests/gold_tests/autest-site/verifier_server.test.ext
@@ -78,10 +78,8 @@ def _configure_server(obj, process, name, replay_path, http_ports=None, https_po
                 raise ValueError("Tried to use '{}' for --server-cert, but it is not "
                                  "a valid file.".format(ssl_cert))
         if ssl_cert:
-            run_ssl_cert = ssl_cert
-            if os.path.isfile(ssl_cert):
-                run_ssl_cert = os.path.join(server_dir, os.path.basename(ssl_cert))
-                process.Setup.Copy(ssl_cert, run_ssl_cert, CopyLogic.SoftFiles)
+            run_ssl_cert = os.path.join(server_dir, os.path.basename(ssl_cert))
+            process.Setup.Copy(ssl_cert, run_ssl_cert, CopyLogic.SoftFiles)
             command += ' --server-cert "{}" '.format(run_ssl_cert)
 
         if ca_cert == '':
@@ -92,17 +90,16 @@ def _configure_server(obj, process, name, replay_path, http_ports=None, https_po
                 raise ValueError("Tried to use '{}' for --ca-certs, but it is not "
                                  "a valid file.".format(ca_cert))
         if ca_cert:
-            run_ca_cert = ca_cert
-            if os.path.isfile(ca_cert):
-                run_ca_cert = os.path.join(server_dir, os.path.basename(ca_cert))
-                process.Setup.Copy(ca_cert, run_ca_cert, CopyLogic.SoftFiles)
+            run_ca_cert = os.path.join(server_dir, os.path.basename(ca_cert))
+            process.Setup.Copy(ca_cert, run_ca_cert, CopyLogic.SoftFiles)
             command += ' --ca-certs "{}" '.format(run_ca_cert)
 
     if replay_path:
         # Create a copy of the replay directory in the run directory.
         run_replay_path = os.path.join(server_dir, os.path.basename(replay_path))
         process.Setup.Copy(replay_path, run_replay_path, CopyLogic.SoftFiles)
         command += "{} ".format(run_replay_path)
+
     if other_args:
         command += "{} ".format(other_args)
     process.Command = command