trafficserver git commit: TS-3424 SSL Failed: decryption failed or bad record mac.

2015-03-20 Thread zwoop
Repository: trafficserver
Updated Branches:
  refs/heads/5.2.x 34bd59472 - 7d2d30ba2


TS-3424 SSL Failed: decryption failed or bad record mac.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/7d2d30ba
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/7d2d30ba
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/7d2d30ba

Branch: refs/heads/5.2.x
Commit: 7d2d30ba2c81f9da147b32bd845608430fe7ea0a
Parents: 34bd594
Author: Susan Hinrichs shinr...@network-geographics.com
Authored: Thu Mar 19 19:55:18 2015 -0600
Committer: Leif Hedstrom zw...@apache.org
Committed: Thu Mar 19 19:55:18 2015 -0600

--
 CHANGES  |   2 +
 iocore/net/P_SSLNetVConnection.h |   3 +
 iocore/net/SSLNetVConnection.cc  | 188 +++---
 3 files changed, 90 insertions(+), 103 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/7d2d30ba/CHANGES
--
diff --git a/CHANGES b/CHANGES
index 083dcb0..7898228 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,8 @@ Changes with Apache Traffic Server 5.2.1
 
   *) [TS-3437] A null dhParams file will disable DHE.
 
+  *) [TS-3424] SSL Failed: decryption failed or bad record mac.
+
   *) [TS-3439] Chunked responses don't honor keep-alive.
 
   *) [TS-3404] Handle race condition in handling delayed terminating chunk.

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/7d2d30ba/iocore/net/P_SSLNetVConnection.h
--
diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h
index 77a3034..8cde284 100644
--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -153,6 +153,7 @@ public:
 this-handShakeBuffer = new_MIOBuffer();
 this-handShakeReader = this-handShakeBuffer-alloc_reader();
 this-handShakeHolder = this-handShakeReader-clone();
+this-handShakeBioStored = 0;
   }
   void free_handshake_buffers() {
 if (this-handShakeReader) {
@@ -167,6 +168,7 @@ public:
 this-handShakeReader = NULL;
 this-handShakeHolder = NULL;
 this-handShakeBuffer = NULL;
+this-handShakeBioStored = 0;
   }
   // Returns true if all the hooks reenabled
   bool callHooks(TSHttpHookID eventId);
@@ -181,6 +183,7 @@ private:
   MIOBuffer *handShakeBuffer;
   IOBufferReader *handShakeHolder;
   IOBufferReader *handShakeReader;
+  int handShakeBioStored;
 
   /// The current hook.
   /// @note For @C SSL_HOOKS_INVOKE, this is the hook to invoke.
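Review bot: `handShakeBioStored` is added without a comment, and in this header it is only assigned in the two handshake-buffer helpers patched above, so whether it has a defined value before `initialize_handshake_buffers()` first runs depends on the constructor, which this diff does not show. The field records how many bytes of peer-supplied handshake data were handed to the read BIO (it is set from `end - start` in `read_raw_data()`), so it should be initialised wherever `handShakeBuffer`, `handShakeHolder` and `handShakeReader` are. A one-line doc comment would help, e.g. `/// Bytes of handShakeReader exposed to the current read BIO; set in read_raw_data().` The `int` type matches the length argument of `BIO_new_mem_buf`, but the value comes from a pointer difference, which is worth stating in that comment.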

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/7d2d30ba/iocore/net/SSLNetVConnection.cc
--
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 1c63002..5b336e4 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -361,18 +361,12 @@ SSLNetVConnection::read_raw_data()
 
   char *start = this-handShakeReader-start();
   char *end = this-handShakeReader-end();
+  this-handShakeBioStored = end - start;
 
   // Sets up the buffer as a read only bio target
   // Must be reset on each read
-  BIO *rbio = BIO_new_mem_buf(start, end - start);
+  BIO *rbio = BIO_new_mem_buf(start, this-handShakeBioStored);
   BIO_set_mem_eof_return(rbio, -1);
-  // Assigning directly into the SSL structure
-  // is dirty, but there is no openssl function that only
-  // assigns the read bio.  Originally I was getting and
-  // resetting the same write bio, but that caused the
-  // inserted buffer bios to be freed and then reinserted.
-  //BIO *wbio = SSL_get_wbio(this-ssl);
-  //SSL_set_bio(this-ssl, rbio, wbio);
   SSL_set_rbio(this, rbio);
 
   return r;
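Review bot: The result of `BIO_new_mem_buf` is still used unchecked here: it returns NULL when the buffer pointer is null or the allocation fails, and that NULL then goes to `BIO_set_mem_eof_return` and `SSL_set_rbio` while `handShakeBioStored` already holds a byte count for a BIO that was never created. On a path that parses untrusted handshake bytes, the count and the installed BIO should not be able to disagree. A guard right after the allocation would cover it, for example `if (rbio == NULL) { this->handShakeBioStored = 0; return -1; }`, with the return value adjusted to whatever callers of `read_raw_data()` treat as an error. The function starts above this hunk, so how `r` is computed and whether `start` can be null at this point is not visible.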
@@ -421,81 +415,76 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread 
*lthread)
   // vc is an SSLNetVConnection.
   if (!getSSLHandShakeComplete()) {
 int err;
-int data_to_read = 0;
-char *data_ptr = NULL;
 
-// Not done handshaking, go into the SSL handshake logic again
-if (!getSSLHandShakeComplete()) {
-
-  if (getSSLClientConnection()) {
-ret = sslStartHandShake(SSL_EVENT_CLIENT, err);
-  } else {
-ret = sslStartHandShake(SSL_EVENT_SERVER, err);
-  }
-  // If we have flipped to blind tunnel, don't read ahead
-  if (this-handShakeReader) {
-if (this-attributes != HttpProxyPort::TRANSPORT_BLIND_TUNNEL) {
-  // Check and consume data that has been read
-  int data_still_to_read = BIO_get_mem_data(SSL_get_rbio(this-ssl), 
data_ptr);
-  data_to_read = this-handShakeReader-read_avail();
-  this-handShakeReader-consume(data_to_read - data_still_to_read);
+if (getSSLClientConnection()) {
+  

trafficserver git commit: TS-3419 Reduce to C++03, required for compiling on CentOS5/6

2015-03-20 Thread zwoop
Repository: trafficserver
Updated Branches:
  refs/heads/master 95cd99da5 - 73785813c


TS-3419 Reduce to C++03, required for compiling on CentOS5/6


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/73785813
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/73785813
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/73785813

Branch: refs/heads/master
Commit: 73785813cca88f1d776b624724954202d96fc773
Parents: 95cd99d
Author: Leif Hedstrom zw...@apache.org
Authored: Fri Mar 20 22:04:17 2015 -0600
Committer: Leif Hedstrom zw...@apache.org
Committed: Fri Mar 20 22:04:17 2015 -0600

--
 .clang-format | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/73785813/.clang-format
--
diff --git a/.clang-format b/.clang-format
index 0342ce2..8af2a45 100644
--- a/.clang-format
+++ b/.clang-format
@@ -40,7 +40,7 @@ PenaltyReturnTypeOnItsOwnLine: 200
 PointerAlignment: Right
 SpacesBeforeTrailingComments: 1
 Cpp11BracedListStyle: true
-Standard:Cpp11
+Standard:Cpp03
 IndentWidth: 2
 TabWidth:8
 UseTab:  Never



[1/3] trafficserver git commit: TS-3459: Create a new config to disallow Post w/ Expect: 100-continue

2015-03-20 Thread briang
Repository: trafficserver
Updated Branches:
  refs/heads/master e26aeb9cb - 95cd99da5


TS-3459: Create a new config to disallow Post w/ Expect: 100-continue


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a30afc0c
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a30afc0c
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a30afc0c

Branch: refs/heads/master
Commit: a30afc0c8b97d5427797f2a53a0b7e89f186f5f3
Parents: e26aeb9
Author: Brian Geffon bri...@apache.org
Authored: Fri Mar 20 09:45:13 2015 -0700
Committer: Brian Geffon bri...@apache.org
Committed: Fri Mar 20 09:45:13 2015 -0700

--
 mgmt/RecordsConfig.cc  |  2 ++
 proxy/http/HttpConfig.cc   |  6 ++
 proxy/http/HttpConfig.h|  5 -
 proxy/http/HttpTransact.cc | 18 ++
 4 files changed, 30 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/mgmt/RecordsConfig.cc
--
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index 03a32ec..c9212eb 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -440,6 +440,8 @@ static const RecordElement RecordsConfig[] =
   ,
   {RECT_CONFIG, proxy.config.http.send_408_post_timeout_response, RECD_INT, 
0, RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL}
   ,
+  {RECT_CONFIG, proxy.config.http.disallow_post_100_continue, RECD_INT, 0, 
RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL}
+  ,
   {RECT_CONFIG, proxy.config.http.share_server_sessions, RECD_INT, 2, 
RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL}
   ,
   {RECT_CONFIG, proxy.config.http.server_session_sharing.match, RECD_STRING, 
both, RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL}
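Review bot: The new `proxy.config.http.disallow_post_100_continue` record is registered with `RECC_NULL`, so any integer is accepted even though the value is only used as an on/off flag (it is passed through `INT_TO_BOOL` in `HttpConfig::reconfigure()` in this same commit). Because this setting decides whether a class of requests is rejected, a mistyped value in records.config should be reported rather than silently coerced; consider `RECC_INT, "[0-1]"` in place of `RECC_NULL, NULL`. The neighbouring `send_408_post_timeout_response` entry is declared the same way, so this may be a local convention.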

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/proxy/http/HttpConfig.cc
--
diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc
index ab560d3..b57795e 100644
--- a/proxy/http/HttpConfig.cc
+++ b/proxy/http/HttpConfig.cc
@@ -1081,6 +1081,10 @@ register_stat_callbacks()
  (int) http_ua_msecs_counts_other_unclassified_stat, 
RecRawStatSyncIntMsecsToFloatSeconds);
 
   RecRegisterRawStat(http_rsb, RECT_PROCESS,
+ proxy.process.http.disallowed_post_100_continue,
+ RECD_COUNTER, RECP_PERSISTENT, (int) 
disallowed_post_100_continue, RecRawStatSyncCount);
+
+  RecRegisterRawStat(http_rsb, RECT_PROCESS,
  proxy.process.http.total_x_redirect_count,
  RECD_COUNTER, RECP_PERSISTENT,
  (int) http_total_x_redirect_stat, RecRawStatSyncCount);
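Review bot: The stat enumerator `disallowed_post_100_continue` registered here does not follow the naming of the entries around it, which carry an `http_` prefix and a `_stat` suffix (`http_ua_msecs_counts_other_unclassified_stat`, `http_total_x_redirect_stat`). The same name is introduced in the enum hunk of proxy/http/HttpConfig.h. It also differs by a single letter from the config field `disallow_post_100_continue` added in this commit, which makes the counter and the setting easy to confuse when reading or grepping. Renaming it to `http_disallowed_post_100_continue_stat` in both files would remove the ambiguity.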
@@ -1289,6 +1293,7 @@ HttpConfig::startup()
 
   HttpEstablishStaticConfigByte(c.send_100_continue_response, 
proxy.config.http.send_100_continue_response);
   HttpEstablishStaticConfigByte(c.send_408_post_timeout_response, 
proxy.config.http.send_408_post_timeout_response);
+  HttpEstablishStaticConfigByte(c.disallow_post_100_continue, 
proxy.config.http.disallow_post_100_continue);
   HttpEstablishStaticConfigByte(c.parser_allow_non_http, 
proxy.config.http.parse.allow_non_http);
 
   HttpEstablishStaticConfigByte(c.oride.cache_when_to_revalidate, 
proxy.config.http.cache.when_to_revalidate);
@@ -1547,6 +1552,7 @@ HttpConfig::reconfigure()
 
   params-send_100_continue_response = 
INT_TO_BOOL(m_master.send_100_continue_response);
   params-send_408_post_timeout_response = 
INT_TO_BOOL(m_master.send_408_post_timeout_response);
+  params-disallow_post_100_continue = 
INT_TO_BOOL(m_master.disallow_post_100_continue);
   params-parser_allow_non_http = INT_TO_BOOL(m_master.parser_allow_non_http);
 
   params-oride.cache_when_to_revalidate = 
m_master.oride.cache_when_to_revalidate;

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/proxy/http/HttpConfig.h
--
diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h
index 9722144..8f678d5 100644
--- a/proxy/http/HttpConfig.h
+++ b/proxy/http/HttpConfig.h
@@ -228,6 +228,8 @@ enum
   http_ua_msecs_counts_errors_other_stat,
   http_ua_msecs_counts_other_unclassified_stat,
 
+  disallowed_post_100_continue,
+
   http_total_x_redirect_stat,
 
   // Times
@@ -733,6 +735,7 @@ public:
 
   MgmtByte send_100_continue_response;
   MgmtByte send_408_post_timeout_response;
+  MgmtByte disallow_post_100_continue;
   MgmtByte parser_allow_non_http;
 
   OverridableHttpConfigParams oride;
@@ -743,7 +746,6 @@ public:
   MgmtInt autoconf_port;
   MgmtByte autoconf_localhost_only;
 
-
 private:
   /
   // operator = and copy constructor //
@@ -889,6 +891,7 @@ 

[3/3] trafficserver git commit: TS-3459: Create a new config to disallow Post w/ Expect: 100-continue: UPDATE CHANGES

2015-03-20 Thread briang
TS-3459: Create a new config to disallow Post w/ Expect: 100-continue: UPDATE 
CHANGES


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/95cd99da
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/95cd99da
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/95cd99da

Branch: refs/heads/master
Commit: 95cd99da5d161fc2419584a0e40329f48e55e732
Parents: bf207f3
Author: Brian Geffon bri...@apache.org
Authored: Fri Mar 20 09:49:06 2015 -0700
Committer: Brian Geffon bri...@apache.org
Committed: Fri Mar 20 09:49:06 2015 -0700

--
 CHANGES | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/95cd99da/CHANGES
--
diff --git a/CHANGES b/CHANGES
index 538f704..696c6ff 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
  -*- coding: utf-8 -*-
 Changes with Apache Traffic Server 5.3.0
 
+  *) [TS-3459] Create a new config to disallow Post w/ Expect: 100-continue
+
   *) [TS-3312] KA timeout to origin does not honor configs
 
   *) [TS-3437] A null dhParams file will disable DHE.