-
-
Notifications
You must be signed in to change notification settings - Fork 15.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSslEngine return NEED_WRAP if the destination buffered filled #6803
Conversation
SSLEngineResult result = wrap(alloc, engine, Unpooled.EMPTY_BUFFER, out); | ||
|
||
if (previousNeedUnwrap) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changes to SslHandler are just to support debugging and will be removed if this PR is accepted.
@rkapsi - would you mind trying this PR with OPENSSL and report back the same log statements you did as in #6796 (comment)? |
@Scottmitch - will do first thing in the morning tomorrow |
@rkapsi verified this patch works as expected in #6796 (comment) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.... just remember to remove debug stuff
b833440
to
394dce3
Compare
Motivation: If the destination buffer is completely filled during a call to OpenSslEngine#wrap(..) we may return NEED_UNWRAP because there is no data pending in the SSL buffers. However during a handshake if the SSL buffers were just drained, and filled up the destination buffer it is possible OpenSSL may produce more data on the next call to SSL_write. This means we should keep trying to call SSL_write as long as the destination buffer is filled and only return NEED_UNWRAP when the destination buffer is not full and there is no data pending in OpenSSL's buffers. Modifications: - If the handshake produces data in OpenSslEngine#wrap(..) we should return NEED_WRAP if the destination buffer is completely filled Result: OpenSslEngine returns the correct handshake status from wrap(). Fixes netty#6796.
394dce3
to
b5ff340
Compare
I will pull this in now as even if it doesn't fix #6796 it is still an issue, and the behavior from the log statements provided in #6796 (comment) demonstrates the correct behavior. |
@Scottmitch running 24f801c built from HEAD of 4.1 now. Looks good, no issues. 💯 |
Motivation: PR netty#6803 corrected an error in the return status of the OpenSslEngine. We should now be able to restore the SslHandler optimization. Modifications: - This reverts commit 7f3b75a. Result: SslHandler optimization is restored.
Motivation: PR netty#6803 corrected an error in the return status of the OpenSslEngine. We should now be able to restore the SslHandler optimization. Modifications: - This reverts commit 7f3b75a. Result: SslHandler optimization is restored.
Motivation: PR netty#6803 corrected an error in the return status of the OpenSslEngine. We should now be able to restore the SslHandler optimization. Modifications: - This reverts commit 7f3b75a. Result: SslHandler optimization is restored.
Motivation: PR netty#6803 corrected an error in the return status of the OpenSslEngine. We should now be able to restore the SslHandler optimization. Modifications: - This reverts commit 7f3b75a. Result: SslHandler optimization is restored.
Motivation:
If the destination buffer is completely filled during a call to OpenSslEngine#wrap(..) we may return NEED_UNWRAP because there is no data pending in the SSL buffers. However during a handshake if the SSL buffers were just drained, and filled up the destination buffer it is possible OpenSSL may produce more data on the next call to SSL_write. This means we should keep trying to call SSL_write as long as the destination buffer is filled and only return NEED_UNWRAP when the destination buffer is not full and there is no data pending in OpenSSL's buffers.
Modifications:
Result:
OpenSslEngine returns the correct handshake status from wrap().
Fixes #6796.