On 26.11.2009 22:06, Ruediger Pluem wrote: > > On 11/19/2009 04:58 PM, Joe Orton wrote: >> On Thu, Nov 19, 2009 at 04:05:34PM +0100, Hartmut Keil wrote: >>> With the proposed change, we prevent request splitting attacks based >>> on the TSL renegotiation flaw. From my point of view without >>> drawbacks, since 'pipelining' clients must handle the closing of a >>> connection after a complete response in any case. >> Yes, I agree, this seems very sensible, I can't see any problem with >> this. >> >> I would prefer to do it in a slightly more general way as below, which >> would catch the case where any other module's connection filter had >> buffered the data, and adds appropriate logging. >> >> (more general but which required half a day tracking down an obscure bug >> in the BIO/filters, also fixed below...) >> >> Testing on this version very welcome! > > Anything that prevents this from committing?
Ping, Joe? Regards Rüdiger