Hi, GWLIB's Connection module has a bug relating to how it handles large data reads over SSLed connections.
The issue lies in the function unlocked_read() in conn.c, which is called in several places to read from the underlying socket/file descriptor. Typical usage in HTTPS transactions is as follows: 1. http module polls the socket for inbound data. The callback then issues a conn_read_* call on the underlying connection object. conn_read_fixed() is used to read HTTPS POST bodies. 2. unlocked_read() is called if there isn't sufficient data in the Connection object buffer. However this only reads up to 4k bytes, and then returns, leaving it up the upper level poller to detect if there is more data to be read (and in turn call conn_read_* again). This is where the problem arises: For SSLed connections, openssl may buffer some data internally, and so reading only 4k bytes and then waiting for the next poller call can result in a timeout on the sender side while we still have data in the openssl read buffer. We tripped over this issue with Mbuni. The patch below is a suggested fix. Thanks Paul.
conn-20210308.patch
Description: Binary data