nghttpx: Detect TLS renegotiation after SSL_read and SSL_write

2015-01-09 00:49:27 +09:00 · 2015-01-09 00:49:27 +09:00 · 7add262721
parent 4a218f1b79
commit 7add262721
2 changed files with 16 additions and 14 deletions
--- a/src/shrpx_client_handler.cc
+++ b/src/shrpx_client_handler.cc
@ -270,10 +270,10 @@ int ClientHandler::read_tls() {
        tls_last_readlen_ = iov[0].iov_len;
        return 0;
      case SSL_ERROR_WANT_WRITE:
-        tls_last_readlen_ = iov[0].iov_len;
-        wlimit_.startw();
-        ev_timer_again(loop_, &wt_);
-        return 0;
+        if (LOG_ENABLED(INFO)) {
+          CLOG(INFO, this) << "Close connection due to TLS renegotiation";
+        }
+        return -1;
      default:
        if (LOG_ENABLED(INFO)) {
          CLOG(INFO, this) << "SSL_read: SSL_get_error returned " << err;
@ -331,10 +331,10 @@ int ClientHandler::write_tls() {
        auto err = SSL_get_error(ssl_, rv);
        switch (err) {
        case SSL_ERROR_WANT_READ:
-          tls_last_writelen_ = len;
-          wlimit_.stopw();
-          ev_timer_stop(loop_, &wt_);
-          return 0;
+          if (LOG_ENABLED(INFO)) {
+            CLOG(INFO, this) << "Close connection due to TLS renegotiation";
+          }
+          return -1;
        case SSL_ERROR_WANT_WRITE:
          tls_last_writelen_ = len;
          wlimit_.startw();
--- a/src/shrpx_http2_session.cc
+++ b/src/shrpx_http2_session.cc
@ -1695,9 +1695,10 @@ int Http2Session::read_tls() {
      case SSL_ERROR_WANT_READ:
        return 0;
      case SSL_ERROR_WANT_WRITE:
-        ev_io_start(loop_, &wev_);
-        ev_timer_again(loop_, &wt_);
-        return 0;
+        if (LOG_ENABLED(INFO)) {
+          SSLOG(INFO, this) << "Close connection due to TLS renegotiation";
+        }
+        return -1;
      default:
        if (LOG_ENABLED(INFO)) {
          SSLOG(INFO, this) << "SSL_read: SSL_get_error returned " << err;
@ -1731,9 +1732,10 @@ int Http2Session::write_tls() {
        auto err = SSL_get_error(ssl_, rv);
        switch (err) {
        case SSL_ERROR_WANT_READ:
-          ev_io_stop(loop_, &wev_);
-          ev_timer_stop(loop_, &wt_);
-          return 0;
+          if (LOG_ENABLED(INFO)) {
+            SSLOG(INFO, this) << "Close connection due to TLS renegotiation";
+          }
+          return -1;
        case SSL_ERROR_WANT_WRITE:
          ev_io_start(loop_, &wev_);
          ev_timer_again(loop_, &wt_);