From 7add262721dd5d53274acedb7a5be9b7563d3813 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Fri, 9 Jan 2015 00:49:27 +0900
Subject: [PATCH] nghttpx: Detect TLS renegotiation after SSL_read and SSL_write
---
 src/shrpx_client_handler.cc | 16 ++++++++--------
 src/shrpx_http2_session.cc | 14 ++++++++------
 2 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/src/shrpx_client_handler.cc b/src/shrpx_client_handler.cc
index 15f8d35d..3c1f7e67 100644
--- a/src/shrpx_client_handler.cc
+++ b/src/shrpx_client_handler.cc
@@ -270,10 +270,10 @@ int ClientHandler::read_tls() {
 tls_last_readlen_ = iov[0].iov_len;
 return 0;
 case SSL_ERROR_WANT_WRITE:
- tls_last_readlen_ = iov[0].iov_len;
- wlimit_.startw();
- ev_timer_again(loop_, &wt_);
- return 0;
+ if (LOG_ENABLED(INFO)) {
+ CLOG(INFO, this) << "Close connection due to TLS renegotiation";
+ }
+ return -1;
 default:
 if (LOG_ENABLED(INFO)) {
 CLOG(INFO, this) << "SSL_read: SSL_get_error returned " << err;
@@ -331,10 +331,10 @@ int ClientHandler::write_tls() {
 auto err = SSL_get_error(ssl_, rv);
 switch (err) {
 case SSL_ERROR_WANT_READ:
- tls_last_writelen_ = len;
- wlimit_.stopw();
- ev_timer_stop(loop_, &wt_);
- return 0;
+ if (LOG_ENABLED(INFO)) {
+ CLOG(INFO, this) << "Close connection due to TLS renegotiation";
+ }
+ return -1;
 case SSL_ERROR_WANT_WRITE:
 tls_last_writelen_ = len;
 wlimit_.startw();
diff --git a/src/shrpx_http2_session.cc b/src/shrpx_http2_session.cc
index 3b869678..2733c7c8 100644
--- a/src/shrpx_http2_session.cc
+++ b/src/shrpx_http2_session.cc
@@ -1695,9 +1695,10 @@ int Http2Session::read_tls() {
 case SSL_ERROR_WANT_READ:
 return 0;
 case SSL_ERROR_WANT_WRITE:
- ev_io_start(loop_, &wev_);
- ev_timer_again(loop_, &wt_);
- return 0;
+ if (LOG_ENABLED(INFO)) {
+ SSLOG(INFO, this) << "Close connection due to TLS renegotiation";
+ }
+ return -1;
 default:
 if (LOG_ENABLED(INFO)) {
 SSLOG(INFO, this) << "SSL_read: SSL_get_error returned " << err;
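Review bot: In `ClientHandler::read_tls()`, the new `case SSL_ERROR_WANT_WRITE:` branch only catches a renegotiation whose handshake reply could not be written straight away; when the socket is writable, OpenSSL sends its handshake flight from inside `SSL_read` and then reports `SSL_ERROR_WANT_READ`, which the context lines just above still answer with `return 0`. The mirror-image gap exists in the `SSL_ERROR_WANT_READ` branch of `ClientHandler::write_tls()` and in both `Http2Session` hunks, so the error code works as a heuristic rather than a reliable detector. Unless a check outside these hunks already covers it, I would record the event in a callback registered with `SSL_CTX_set_info_callback`, along the lines of `if (where & SSL_CB_HANDSHAKE_START) { /* flag the connection once the first handshake is done */ }`, test that flag after every `SSL_read`/`SSL_write`, and keep these branches as a fallback. All four function bodies start and end outside their hunks, so such a check may already exist elsewhere.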
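Review bot: In `ClientHandler::write_tls()`, the message added under `case SSL_ERROR_WANT_READ:` drops the call name and error code that the neighbouring diagnostic in this file carries (`"SSL_read: SSL_get_error returned "` in the first hunk), and it is emitted only when INFO logging is enabled. A connection dropped because the peer appears to have attempted renegotiation is an event an operator looking into renegotiation abuse would want to find without raising verbosity, and the text states renegotiation as fact although it is inferred from the error code. I would write `CLOG(INFO, this) << "SSL_write: SSL_ERROR_WANT_READ, closing connection (TLS renegotiation is not supported)";` and consider whichever higher severity the project's logger offers. The same wording fix fits the other three hunks, with `SSL_read`/`SSL_ERROR_WANT_WRITE` and `SSLOG` substituted as appropriate.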
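Review bot: In `Http2Session::read_tls()`, the `case SSL_ERROR_WANT_WRITE:` branch has no comment explaining why a result that used to arm the write watcher is now fatal, and it relies on the function never being reached before the initial handshake has finished. That precondition cannot be confirmed here because the function starts outside the hunk; if `read_tls()` can run while the handshake is still in progress, a legitimate `SSL_ERROR_WANT_WRITE` would now tear down the session. I would add above the `if`: `// Initial handshake is complete here, so SSL_read wanting to write means the peer asked to renegotiate; we refuse and drop the session.` The matching comment belongs on the `SSL_ERROR_WANT_READ` branch of `Http2Session::write_tls()` in the next hunk.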
@@ -1731,9 +1732,10 @@ int Http2Session::write_tls() {
 auto err = SSL_get_error(ssl_, rv);
 switch (err) {
 case SSL_ERROR_WANT_READ:
- ev_io_stop(loop_, &wev_);
- ev_timer_stop(loop_, &wt_);
- return 0;
+ if (LOG_ENABLED(INFO)) {
+ SSLOG(INFO, this) << "Close connection due to TLS renegotiation";
+ }
+ return -1;
 case SSL_ERROR_WANT_WRITE:
 ev_io_start(loop_, &wev_);
 ev_timer_again(loop_, &wt_);