On 11/19/2009 04:58 PM, Joe Orton wrote:
> On Thu, Nov 19, 2009 at 04:05:34PM +0100, Hartmut Keil wrote:
>> With the proposed change, we prevent request splitting attacks based
>> on the TLS renegotiation flaw. From my point of view without
>> drawbacks, since 'pipelining' clients must handle the closing of a
>> connection after a complete response in any case.
>
> Yes, I agree, this seems very sensible, I can't see any problem with
> this.
>
> I would prefer to do it in a slightly more general way as below, which
> would catch the case where any other module's connection filter had
> buffered the data, and adds appropriate logging.
>
> (more general but which required half a day tracking down an obscure bug
> in the BIO/filters, also fixed below...)
>
> Testing on this version very welcome!

Anything that prevents this from committing?

Regards

Rüdiger