
This fix by Adam Langley fixes the SSL False-Start and 1/N-1 issues w…

…ith SSL. Adam we are very grateful for your help.
commit cbe47e2fd2799c306dd88b3f06f7a108fa250c19 1 parent daa0698
@skinkie skinkie authored
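--- a/cherokee/cryptor_libssl.c
+++ b/cherokee/cryptor_libssl.c
@@ -574,6 +574,8 @@ socket_initialize (cherokee_cryptor_socket_libssl_t *cryp,
 return ret_error;
 }
+ cryp->is_pending = false;
+
 #ifndef OPENSSL_NO_TLSEXT
 SSL_set_app_data (cryp->session, conn);
 #else
@@ -882,11 +884,22 @@ _socket_read (cherokee_cryptor_socket_libssl_t *cryp,
 CLEAR_LIBSSL_ERRORS;
- len = SSL_read (cryp->session, buf, buf_size);
- if (likely (len > 0)) {
- *pcnt_read = len;
- if (SSL_pending (cryp->session))
- return ret_eagain;
+ *pcnt_read = 0;
+
+ while (buf_size > 0) {
+ len = SSL_read (cryp->session, buf, buf_size);
+ if (len < 1)
+ break;
+ *pcnt_read += len;
+ buf += len;
+ buf_size -= len;
+ }
+
+ /* We have more data than buffer space. Mark the socket as
+ * having pending data. */
+ cryp->is_pending = (buf_size == 0);
+
+ if (*pcnt_read > 0) {
 return ret_ok;
 }
@@ -927,8 +940,7 @@ _socket_read (cherokee_cryptor_socket_libssl_t *cryp,
 static int
 _socket_pending (cherokee_cryptor_socket_libssl_t *cryp)
 {
- SSL_read(cryp->session, NULL, 0);
- return (SSL_pending (cryp->session) > 0);
+ return cryp->is_pending;
 }
 static ret_t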
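Review bot: In the new `_socket_read` loop, an `SSL_read` that fails or reports a closed connection after an earlier iteration already stored bytes is masked, because `if (*pcnt_read > 0)` returns `ret_ok` before `len` can reach whatever error handling follows the hunk (that code is outside the visible lines). The failure is then seen only if the next call repeats `SSL_read` on the same session, and OpenSSL's documentation says no further I/O should be attempted after `SSL_ERROR_SSL` or `SSL_ERROR_SYSCALL`. I would classify the result at the `break` with `int err = SSL_get_error (cryp->session, len);` and remember anything other than `SSL_ERROR_WANT_READ`, so the next call can return it without touching the session again. Separately, a call with `buf_size == 0` skips the loop, sets `is_pending` to true and falls through with `len` not assigned by this hunk; an early guard on `buf_size` would avoid both.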
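--- a/cherokee/cryptor_libssl.h
+++ b/cherokee/cryptor_libssl.h
@@ -80,6 +80,7 @@ typedef struct {
 cherokee_cryptor_socket_t base;
 SSL *session;
 SSL_CTX *ssl_ctx;
+ cherokee_boolean_t is_pending;
 struct {
 char *buf;
 off_t buf_len;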
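Review bot: `is_pending` gets its only initial value in `socket_initialize`, while `_socket_pending` now returns the field directly instead of asking OpenSSL. The allocation of `cherokee_cryptor_socket_libssl_t` is not shown on this page; if it does not zero the struct, a pending query made before `socket_initialize` has run reads an indeterminate value. Setting `is_pending = false` where the object is created would make the invariant explicit. The field would also benefit from a comment such as `/* true when the last _socket_read filled the caller's buffer */`.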
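--- a/cherokee/thread.c
+++ b/cherokee/thread.c
@@ -1479,6 +1479,17 @@ process_active_connections (cherokee_thread_t *thd)
 } /* list */
+ list_for_each_safe (i, tmp, LIST(&thd->active_list)) {
+ conn = CONN(i);
+
+ /* Check whether we have data sitting in SSL buffers that needs
+ * to be processed before we wait for file descriptors. */
+ if (conn->socket.cryptor &&
+ cherokee_cryptor_socket_pending(conn->socket.cryptor)) {
+ thd->pending_read_num++;
+ }
+ } /* list */
+
 return ret_ok;
 }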
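Review bot: The flag tested in this added loop is refreshed only inside `_socket_read`, so a connection whose last read filled its buffer is counted in `pending_read_num` on every pass until it reads again, whatever it is doing in the meantime. How `pending_read_num` is consumed is outside the hunk, but the comment says it decides whether to wait on file descriptors, so a stale `true` would presumably keep this thread from sleeping while that connection is busy sending a response. I would either clear the flag once the buffered data has been consumed or count only connections that are about to read. The check also deserves a comment, e.g. `/* is_pending means "last read filled the buffer", not SSL_pending() */`. `process_active_connections` begins before the hunk.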