
This fix by Adam Langley fixes the SSL False-Start and 1/N-1 issues with SSL. Adam we are very grateful for your help.
commit cbe47e2fd2799c306dd88b3f06f7a108fa250c19 1 parent daa0698
Stefan de Konink authored June 24, 2012
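--- a/cherokee/cryptor_libssl.c
+++ b/cherokee/cryptor_libssl.c
@@ -574,6 +574,8 @@ socket_initialize (cherokee_cryptor_socket_libssl_t *cryp,
 		return ret_error;
 	}
 
+	cryp->is_pending = false;
+
 #ifndef OPENSSL_NO_TLSEXT
 	SSL_set_app_data (cryp->session, conn);
 #else
@@ -882,11 +884,22 @@ _socket_read (cherokee_cryptor_socket_libssl_t *cryp,
 
 	CLEAR_LIBSSL_ERRORS;
 
-	len = SSL_read (cryp->session, buf, buf_size);
-	if (likely (len > 0)) {
-		*pcnt_read = len;
-		if (SSL_pending (cryp->session))
-			return ret_eagain;
+	*pcnt_read = 0;
+
+	while (buf_size > 0) {
+		len = SSL_read (cryp->session, buf, buf_size);
+		if (len < 1)
+			break;
+		*pcnt_read += len;
+		buf += len;
+		buf_size -= len;
+	}
+
+    /* We have more data than buffer space. Mark the socket as
+	 * having pending data. */
+    cryp->is_pending = (buf_size == 0);
+
+	if (*pcnt_read > 0) {
 		return ret_ok;
 	}
 
@@ -927,8 +940,7 @@ _socket_read (cherokee_cryptor_socket_libssl_t *cryp,
 static int
 _socket_pending (cherokee_cryptor_socket_libssl_t *cryp)
 {
-	SSL_read(cryp->session, NULL, 0);
-	return (SSL_pending (cryp->session) > 0);
+	return cryp->is_pending;
 }
 
 static ret_t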
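Review bot: In `_socket_read`, `cryp->is_pending = (buf_size == 0)` is also true when the caller passes a zero-length buffer: the loop never runs, nothing is read, and the error handling after the hunk runs with a `len` that this hunk never assigned. Tying the flag to an actual read, `cryp->is_pending = (buf_size == 0 && *pcnt_read > 0);`, and returning early when `buf_size` is not positive would close that case. The loop also discards the result of the final failing `SSL_read` whenever earlier iterations returned data, so a shutdown or fatal error only surfaces on the next call; a comment such as `/* the error from the last SSL_read is reported by the next call */` would show that this is deliberate. The declarations and the error path of `_socket_read` are outside the hunk, so the type and initial value of `len` should be confirmed there.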
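--- a/cherokee/cryptor_libssl.h
+++ b/cherokee/cryptor_libssl.h
@@ -80,6 +80,7 @@ typedef struct {
 	cherokee_cryptor_socket_t  base;
 	SSL                       *session;
 	SSL_CTX                   *ssl_ctx;
+	cherokee_boolean_t         is_pending;
 	struct {
 		char              *buf;
 		off_t              buf_len;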
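--- a/cherokee/thread.c
+++ b/cherokee/thread.c
@@ -1479,6 +1479,17 @@ process_active_connections (cherokee_thread_t *thd)
 
 	} /* list */
 
+	list_for_each_safe (i, tmp, LIST(&thd->active_list)) {
+		conn = CONN(i);
+
+		/* Check whether we have data sitting in SSL buffers that needs
+		* to be processed before we wait for file descriptors. */
+		if (conn->socket.cryptor &&
+		   cherokee_cryptor_socket_pending(conn->socket.cryptor)) {
+			thd->pending_read_num++;
+		}
+	} /* list */
+
 	return ret_ok;
 }
 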
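Review bot: `thd->pending_read_num++` in the added loop has no visible reset, and the flag it counts is a heuristic that is set whenever the last read exactly filled the caller's buffer, so a connection can be counted as pending with nothing buffered. If the counter is not cleared before each pass, or a flagged connection is not read again before the next poll, the thread would keep polling without blocking and burn CPU. That should be confirmed in the code outside this hunk and stated next to the increment, for example `/* A non-zero pending_read_num must keep the next poll from blocking; the counter has to be cleared before each pass. */`. `list_for_each_safe` is only needed when entries are removed during the walk, and none are removed here. `process_active_connections` begins outside the hunk.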
