This is an automated email from the ASF dual-hosted git repository.
cliffjansen pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git
The following commit(s) were added to refs/heads/main by this push:
new 0585bfde4 PROTON-2736: tls library - restore fixes backed out by
mistake in previous jaeger/oltp commit
0585bfde4 is described below
commit 0585bfde42171e12bc209537f74245c898a04964
Author: Clifford Jansen
AuthorDate: Mon May 29 09:56:12 2023 -0700
PROTON-2736: tls library - restore fixes backed out by mistake in previous
jaeger/oltp commit
---
c/src/tls/openssl.c | 38 --
1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/c/src/tls/openssl.c b/c/src/tls/openssl.c
index 8c96a35d6..0c3b6bd66 100644
--- a/c/src/tls/openssl.c
+++ b/c/src/tls/openssl.c
@@ -2112,7 +2112,8 @@ static void decrypt(pn_tls_t *tls) {
pbuffer_t *pending = next_decrypt_pending(tls);
bool peek_needed = false;
- while (true) {
+ bool decrypt_done = false;
+ while (!decrypt_done) {
if (tls->pn_tls_err)
return;
@@ -2166,23 +2167,32 @@ static void decrypt(pn_tls_t *tls) {
}
// Done if not possible to move any more bytes from input to output bufs
-if (tls->dec_closed) break;
-if ((!pending || tls->dec_wblocked) // write side
-&& (!curr_result || tls->dec_rblocked)) // read side
- break;
- }
+if ( (tls->dec_closed || !pending || tls->dec_wblocked) /* write side */ &&
+ (!curr_result || tls->dec_rblocked) ) /* read side */ {
+ decrypt_done = true;
+ if (peek_needed && !tls->pn_tls_err && !tls->dec_closed) {
+// Set dec_rpending.
+// Make OpenSSL process input to at least first decrypted byte (if any)
+char unused;
+int pcount = SSL_peek(tls->ssl, , 1);
+tls->dec_rpending = (pcount == 1);
+if (pcount <= 0) {
+ check_error_reason(tls, pcount);
+}
- if (!tls->pn_tls_err && peek_needed) {
-// Make OpenSSL examine the next buffered TLS record (if exists and
complete)
-char unused;
-int pcount = SSL_peek(tls->ssl, , 1);
-tls->dec_rpending = (pcount == 1);
-if (pcount <= 0) {
- check_error_reason(tls, pcount);
+// Peek may have made more room in buffer (i.e. handshake followed by
large
+// incomplete application record and dec_wblocked). If we did not
process an
+// application record, we must have processed at least one non-app
record.
+// No longer write blocked after peek. PROTON-2736.
+if (!tls->dec_rpending && tls->dec_wblocked) {
+ decrypt_done = false;
+ tls->dec_wblocked = false;
+}
+ }
}
}
- if (!tls->pn_tls_err && !tls->handshake_ok && SSL_do_handshake(tls->ssl) ==
1) {
+ if (!tls->handshake_ok && SSL_do_handshake(tls->ssl) == 1) {
tls->handshake_ok = true;
tls->can_shutdown = true;
}
-
To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org
For additional commands, e-mail: commits-h...@qpid.apache.org