serf-dev mailing list archives

From rhuij...@apache.org
Subject svn commit: r1709919 - /serf/trunk/buckets/ssl_buckets.c
Date Wed, 21 Oct 2015 21:07:56 GMT
Author: rhuijben
Date: Wed Oct 21 21:07:56 2015
New Revision: 1709919

URL: http://svn.apache.org/viewvc?rev=1709919&view=rev
Log:
Following up on r1708829, handle the fallback of protocol negotiation after
the handshake has finished instead of only after the entire negotiation has
finished. This improves the interop against older openssl versions.

* buckets/ssl_buckets.c
  (serf_ssl_context_t): Rename field.
  (ssl_decrypt): Assume that we are done if either the complete init succeeded
    or the handshake completed.
  (ssl_init_context): Update initialization.
  (ssl_get_selected_protocol): Update usage.

Modified:
    serf/trunk/buckets/ssl_buckets.c

Modified: serf/trunk/buckets/ssl_buckets.c
URL: http://svn.apache.org/viewvc/serf/trunk/buckets/ssl_buckets.c?rev=1709919&r1=1709918&r2=1709919&view=diff
==============================================================================
--- serf/trunk/buckets/ssl_buckets.c (original)
+++ serf/trunk/buckets/ssl_buckets.c Wed Oct 21 21:07:56 2015
@@ -172,7 +172,8 @@ struct serf_ssl_context_t {
 
     /* Flag is set to 1 when a renegotiation is in progress. */
     int renegotiation;
-    int init_finished; /* True after SSL internal connection is 'connected' */
+    int handshake_finished; /* True after SSL internal connection is through
+                               the handshake */
 
     const char *selected_protocol; /* Cached protocol value once available */
     /* Protocol callback */
@@ -991,12 +992,16 @@ static apr_status_t ssl_decrypt(void *ba
     }
  
 
-    if (!ctx->init_finished
+    if (!ctx->handshake_finished
         && !SERF_BUCKET_READ_ERROR(status)) {
 
         apr_status_t s = APR_SUCCESS;
 
-        ctx->init_finished = SSL_is_init_finished(ctx->ssl);
+        /* Once we got through the initial handshake, we should have received
+           the ALPN information if there is such information. */
+        ctx->handshake_finished = SSL_is_init_finished(ctx->ssl)
+                                  || (SSL_state(ctx->ssl)
+                                      & SSL_CB_HANDSHAKE_DONE);
 
         /* Call the protocol callback as soon as possible as this triggers
            pipelining data for the selected protocol. */
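Review bot: The added test `SSL_state(ctx->ssl) & SSL_CB_HANDSHAKE_DONE` in ssl_decrypt masks a state-machine value with an info-callback event code; in the OpenSSL 1.0.x headers SSL_CB_HANDSHAKE_DONE is the `where` flag delivered to the callback set with SSL_set_info_callback(), and as far as I can tell it is not defined as a bit of SSL_state()'s result. If an intermediate handshake state happens to have that bit set, handshake_finished latches before any ALPN data has arrived, and the `else if (context->handshake_finished)` branch in ssl_get_selected_protocol then caches "" so the connection silently settles on the fallback protocol. I would record completion from the info callback instead, `if (where & SSL_CB_HANDSHAKE_DONE) ctx->handshake_finished = 1;`, or at least add a comment naming the OpenSSL versions for which the mask was verified. ssl_decrypt starts and ends outside this hunk, so whether an info callback is already registered on ctx->ssl is not visible here.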
@@ -1549,7 +1554,7 @@ static serf_ssl_context_t *ssl_init_cont
     ssl_ctx->server_cert_chain_callback = NULL;
 
     ssl_ctx->selected_protocol = "";
-    ssl_ctx->init_finished = FALSE;
+    ssl_ctx->handshake_finished = FALSE;
     ssl_ctx->protocol_callback = NULL;
     ssl_ctx->protocol_userdata = NULL;
 
@@ -1723,7 +1728,7 @@ static const char *ssl_get_selected_prot
         if (data && len)
             context->selected_protocol = apr_pstrmemdup(context->pool,
                                                         data, len);
-        else if (context->init_finished)
+        else if (context->handshake_finished)
             context->selected_protocol = "";
 #endif
     }


