[ https://issues.apache.org/jira/browse/TS-3372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14312619#comment-14312619 ]
Susan Hinrichs commented on TS-3372: ------------------------------------ The openssl team added a SSL_set_rbio to their master (will be 1.1). Need to updated ifdefs to pick up that version instead of our internal version if we are compiling against openssl 1.1 or better. > Need to find another solution to SSL_set_rbio > --------------------------------------------- > > Key: TS-3372 > URL: https://issues.apache.org/jira/browse/TS-3372 > Project: Traffic Server > Issue Type: Bug > Components: SSL > Reporter: Susan Hinrichs > Assignee: Susan Hinrichs > Fix For: 5.3.0 > > > We currently use readonly membuf BIOs to feed the handshake buffers into the > SSL_accept. We added this to enable a SSL connection to transition into a > blind tunneled connection. We would have the first packet in a io buffer > ready to send onto the origin server if the plugin decided to blind tunnel. > To make this work, we would have to reset the read bio on each packet, since > we are passing in read-only pointers to our io buffer structures. > Openssl provides a SSL_set_bio() call that lets you reset the read and write > bios for the SSL. And you could use SSL_get_wbio() to feed back in the same > write bio. But in the code, if buffered output is enabled (which it is in > our case), the write bio state is changed even if the write bio we pass in is > identical to the write bio that is already present. > To make things work, I added a SSL_set_rbio that only frees and sets the > rbio. This works fine for us. But with the next major version (1.1) we will > not be able to read into the ssl data structure and adjust the rbio field > directly. > Either we need to find the official approved solution to this problem or get > them to add one. > We have also discussed bypassing the openssl buffering and use ATS buffing > based on io buffers. -- This message was sent by Atlassian JIRA (v6.3.4#6332)