New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

openssl: improve data-pending check for https proxy #1916

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
1 participant
@jay
Member

jay commented Sep 24, 2017

  • Allow proxy_ssl to be checked for pending data even when connssl does
    not yet have an SSL handle.

This change is for posterity. Currently there doesn't seem to be a code
path that will cause a pending data check when proxyssl could have
pending data and the connssl handle doesn't yet exist *.

  • Recall that an https proxy connection starts out in connssl but if the
    destination is also https then the proxy SSL backend data is moved from
    connssl to proxyssl, which means connssl handle is temporarily empty
    until an SSL handle for the destination can be created.

Ref: f4a6238#commitcomment-24396542

Closes #xxxx


Can someone confirm my understanding of this, specifically that connssl backend data is intended to only be moved over to proxy_ssl backend data if both are https?

/cc @dscho

openssl: improve data-pending check for https proxy
- Allow proxy_ssl to be checked for pending data even when connssl does
  not yet have an SSL handle.

This change is for posterity. Currently there doesn't seem to be a code
path that will cause a pending data check when proxyssl could have
pending data and the connssl handle doesn't yet exist *.

* Recall that an https proxy connection starts out in connssl but if the
destination is also https then the proxy SSL backend data is moved from
connssl to proxyssl, which means connssl handle is temporarily empty
until an SSL handle for the destination can be created.

Ref: f4a6238#commitcomment-24396542

Closes #xxxx

@jay jay added the SSL/TLS label Sep 24, 2017

@jay jay closed this in 9dfb194 Dec 8, 2017

@jay jay deleted the jay:ossl_improve_proxy_pending branch Dec 8, 2017

@lock lock bot locked as resolved and limited conversation to collaborators May 14, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.