trafficserver git commit: TS-3424 SSL Failed: decryption failed or bad record mac.
Repository: trafficserver Updated Branches: refs/heads/5.2.x 34bd59472 - 7d2d30ba2 TS-3424 SSL Failed: decryption failed or bad record mac. Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/7d2d30ba Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/7d2d30ba Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/7d2d30ba Branch: refs/heads/5.2.x Commit: 7d2d30ba2c81f9da147b32bd845608430fe7ea0a Parents: 34bd594 Author: Susan Hinrichs shinr...@network-geographics.com Authored: Thu Mar 19 19:55:18 2015 -0600 Committer: Leif Hedstrom zw...@apache.org Committed: Thu Mar 19 19:55:18 2015 -0600 -- CHANGES | 2 + iocore/net/P_SSLNetVConnection.h | 3 + iocore/net/SSLNetVConnection.cc | 188 +++--- 3 files changed, 90 insertions(+), 103 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/7d2d30ba/CHANGES -- diff --git a/CHANGES b/CHANGES index 083dcb0..7898228 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,8 @@ Changes with Apache Traffic Server 5.2.1 *) [TS-3437] A null dhParams file will disable DHE. + *) [TS-3424] SSL Failed: decryption failed or bad record mac. + *) [TS-3439] Chunked responses don't honor keep-alive. *) [TS-3404] Handle race condition in handling delayed terminating chunk. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/7d2d30ba/iocore/net/P_SSLNetVConnection.h -- diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h index 77a3034..8cde284 100644 --- a/iocore/net/P_SSLNetVConnection.h +++ b/iocore/net/P_SSLNetVConnection.h @@ -153,6 +153,7 @@ public: this-handShakeBuffer = new_MIOBuffer(); this-handShakeReader = this-handShakeBuffer-alloc_reader(); this-handShakeHolder = this-handShakeReader-clone(); +this-handShakeBioStored = 0; } void free_handshake_buffers() { if (this-handShakeReader) { 
@@ -167,6 +168,7 @@ public: this-handShakeReader = NULL; this-handShakeHolder = NULL; this-handShakeBuffer = NULL; +this-handShakeBioStored = 0; } // Returns true if all the hooks reenabled bool callHooks(TSHttpHookID eventId); @@ -181,6 +183,7 @@ private: MIOBuffer *handShakeBuffer; IOBufferReader *handShakeHolder; IOBufferReader *handShakeReader; + int handShakeBioStored; /// The current hook. /// @note For @C SSL_HOOKS_INVOKE, this is the hook to invoke. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/7d2d30ba/iocore/net/SSLNetVConnection.cc -- diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index 1c63002..5b336e4 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc @@ -361,18 +361,12 @@ SSLNetVConnection::read_raw_data() char *start = this-handShakeReader-start(); char *end = this-handShakeReader-end(); + this-handShakeBioStored = end - start; // Sets up the buffer as a read only bio target // Must be reset on each read - BIO *rbio = BIO_new_mem_buf(start, end - start); + BIO *rbio = BIO_new_mem_buf(start, this-handShakeBioStored); BIO_set_mem_eof_return(rbio, -1); - // Assigning directly into the SSL structure - // is dirty, but there is no openssl function that only - // assigns the read bio. Originally I was getting and - // resetting the same write bio, but that caused the - // inserted buffer bios to be freed and then reinserted. - //BIO *wbio = SSL_get_wbio(this-ssl); - //SSL_set_bio(this-ssl, rbio, wbio); SSL_set_rbio(this, rbio); return r; 
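Review bot: The new member `int handShakeBioStored;` in the `@@ -181,6 +183,7 @@` hunk has no comment, so its meaning has to be inferred from the other hunks. As far as those show, it holds the number of bytes handed to the read BIO in read_raw_data() and is reset to 0 when the handshake buffers are allocated or freed. A one-line comment would state this, for example `// Bytes of handShakeReader data given to the current read BIO; 0 when none is loaded.`. The class body continues outside the hunk, so other uses of the field are not visible here.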
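Review bot: In the `@@ -361,18 +361,12 @@` hunk, `this->handShakeBioStored = end - start;` narrows a pointer difference into the `int` member with no cast or bounds check. That value is then the length passed to `BIO_new_mem_buf`, and the returned BIO is installed with `SSL_set_rbio` without a NULL check. Because the length describes handshake bytes received from the peer, I would make the conversion explicit with `this->handShakeBioStored = static_cast<int>(end - start);` and test `rbio` for NULL before `BIO_set_mem_eof_return(rbio, -1);`. The hunk also removes the comment explaining why the read BIO is assigned directly rather than through `SSL_set_bio`; a one-line version of that rationale is worth keeping beside `SSL_set_rbio(this, rbio);`. read_raw_data() starts and ends outside this hunk, so the right return value for the failure path cannot be seen here.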
@@ -421,81 +415,76 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread) // vc is an SSLNetVConnection. if (!getSSLHandShakeComplete()) { int err; -int data_to_read = 0; -char *data_ptr = NULL; -// Not done handshaking, go into the SSL handshake logic again -if (!getSSLHandShakeComplete()) { - - if (getSSLClientConnection()) { -ret = sslStartHandShake(SSL_EVENT_CLIENT, err); - } else { -ret = sslStartHandShake(SSL_EVENT_SERVER, err); - } - // If we have flipped to blind tunnel, don't read ahead - if (this-handShakeReader) { -if (this-attributes != HttpProxyPort::TRANSPORT_BLIND_TUNNEL) { - // Check and consume data that has been read - int data_still_to_read = BIO_get_mem_data(SSL_get_rbio(this-ssl), data_ptr); - data_to_read = this-handShakeReader-read_avail(); - this-handShakeReader-consume(data_to_read - data_still_to_read); +if (getSSLClientConnection()) { +
trafficserver git commit: TS-3419 Reduce to C++03, required for compiling on CentOS5/6
Repository: trafficserver Updated Branches: refs/heads/master 95cd99da5 - 73785813c TS-3419 Reduce to C++03, required for compiling on CentOS5/6 Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/73785813 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/73785813 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/73785813 Branch: refs/heads/master Commit: 73785813cca88f1d776b624724954202d96fc773 Parents: 95cd99d Author: Leif Hedstrom zw...@apache.org Authored: Fri Mar 20 22:04:17 2015 -0600 Committer: Leif Hedstrom zw...@apache.org Committed: Fri Mar 20 22:04:17 2015 -0600 -- .clang-format | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/73785813/.clang-format --
diff --git a/.clang-format b/.clang-format
index 0342ce2..8af2a45 100644
--- a/.clang-format
+++ b/.clang-format
@@ -40,7 +40,7 @@ PenaltyReturnTypeOnItsOwnLine: 200
 PointerAlignment: Right
 SpacesBeforeTrailingComments: 1
 Cpp11BracedListStyle: true
-Standard:Cpp11
+Standard:Cpp03
 IndentWidth: 2
 TabWidth:8
 UseTab: Never
[1/3] trafficserver git commit: TS-3459: Create a new config to disallow Post w/ Expect: 100-continue
Repository: trafficserver Updated Branches: refs/heads/master e26aeb9cb - 95cd99da5 TS-3459: Create a new config to disallow Post w/ Expect: 100-continue Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a30afc0c Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a30afc0c Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a30afc0c Branch: refs/heads/master Commit: a30afc0c8b97d5427797f2a53a0b7e89f186f5f3 Parents: e26aeb9 Author: Brian Geffon bri...@apache.org Authored: Fri Mar 20 09:45:13 2015 -0700 Committer: Brian Geffon bri...@apache.org Committed: Fri Mar 20 09:45:13 2015 -0700 -- mgmt/RecordsConfig.cc | 2 ++ proxy/http/HttpConfig.cc | 6 ++ proxy/http/HttpConfig.h| 5 - proxy/http/HttpTransact.cc | 18 ++ 4 files changed, 30 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/mgmt/RecordsConfig.cc -- diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index 03a32ec..c9212eb 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc @@ -440,6 +440,8 @@ static const RecordElement RecordsConfig[] = , {RECT_CONFIG, proxy.config.http.send_408_post_timeout_response, RECD_INT, 0, RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL} , + {RECT_CONFIG, proxy.config.http.disallow_post_100_continue, RECD_INT, 0, RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL} + , {RECT_CONFIG, proxy.config.http.share_server_sessions, RECD_INT, 2, RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL} , {RECT_CONFIG, proxy.config.http.server_session_sharing.match, RECD_STRING, both, RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL} http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/proxy/http/HttpConfig.cc -- diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc index ab560d3..b57795e 100644 --- a/proxy/http/HttpConfig.cc +++ b/proxy/http/HttpConfig.cc 
@@ -1081,6 +1081,10 @@ register_stat_callbacks() (int) http_ua_msecs_counts_other_unclassified_stat, RecRawStatSyncIntMsecsToFloatSeconds); RecRegisterRawStat(http_rsb, RECT_PROCESS, + proxy.process.http.disallowed_post_100_continue, + RECD_COUNTER, RECP_PERSISTENT, (int) disallowed_post_100_continue, RecRawStatSyncCount); + + RecRegisterRawStat(http_rsb, RECT_PROCESS, proxy.process.http.total_x_redirect_count, RECD_COUNTER, RECP_PERSISTENT, (int) http_total_x_redirect_stat, RecRawStatSyncCount); @@ -1289,6 +1293,7 @@ HttpConfig::startup() HttpEstablishStaticConfigByte(c.send_100_continue_response, proxy.config.http.send_100_continue_response); HttpEstablishStaticConfigByte(c.send_408_post_timeout_response, proxy.config.http.send_408_post_timeout_response); + HttpEstablishStaticConfigByte(c.disallow_post_100_continue, proxy.config.http.disallow_post_100_continue); HttpEstablishStaticConfigByte(c.parser_allow_non_http, proxy.config.http.parse.allow_non_http); HttpEstablishStaticConfigByte(c.oride.cache_when_to_revalidate, proxy.config.http.cache.when_to_revalidate); @@ -1547,6 +1552,7 @@ HttpConfig::reconfigure() params-send_100_continue_response = INT_TO_BOOL(m_master.send_100_continue_response); params-send_408_post_timeout_response = INT_TO_BOOL(m_master.send_408_post_timeout_response); + params-disallow_post_100_continue = INT_TO_BOOL(m_master.disallow_post_100_continue); params-parser_allow_non_http = INT_TO_BOOL(m_master.parser_allow_non_http); params-oride.cache_when_to_revalidate = m_master.oride.cache_when_to_revalidate; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/proxy/http/HttpConfig.h -- diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h index 9722144..8f678d5 100644 --- a/proxy/http/HttpConfig.h +++ b/proxy/http/HttpConfig.h @@ -228,6 +228,8 @@ enum http_ua_msecs_counts_errors_other_stat, http_ua_msecs_counts_other_unclassified_stat, + disallowed_post_100_continue, + http_total_x_redirect_stat, // Times 
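Review bot: The stat enumerator `disallowed_post_100_continue`, registered in the `@@ -1081,6 +1081,10 @@` hunk and declared in the HttpConfig.h hunk at `@@ -228,6 +228,8 @@`, does not follow the `http_..._stat` naming of its neighbours such as `http_total_x_redirect_stat`. It also differs by a single letter from the config field `disallow_post_100_continue` that the same commit adds, which makes the counter and the setting easy to confuse when reading or grepping. Renaming it in both places to something like `http_disallowed_post_100_continue_stat` would keep the two apart. register_stat_callbacks() and the enum both continue outside these hunks.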
@@ -733,6 +735,7 @@ public: MgmtByte send_100_continue_response; MgmtByte send_408_post_timeout_response; + MgmtByte disallow_post_100_continue; MgmtByte parser_allow_non_http; OverridableHttpConfigParams oride; @@ -743,7 +746,6 @@ public: MgmtInt autoconf_port; MgmtByte autoconf_localhost_only; - private: / // operator = and copy constructor // @@ -889,6 +891,7 @@
[3/3] trafficserver git commit: TS-3459: Create a new config to disallow Post w/ Expect: 100-continue: UPDATE CHANGES
TS-3459: Create a new config to disallow Post w/ Expect: 100-continue: UPDATE CHANGES Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/95cd99da Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/95cd99da Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/95cd99da Branch: refs/heads/master Commit: 95cd99da5d161fc2419584a0e40329f48e55e732 Parents: bf207f3 Author: Brian Geffon bri...@apache.org Authored: Fri Mar 20 09:49:06 2015 -0700 Committer: Brian Geffon bri...@apache.org Committed: Fri Mar 20 09:49:06 2015 -0700 -- CHANGES | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/95cd99da/CHANGES -- diff --git a/CHANGES b/CHANGES index 538f704..696c6ff 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 5.3.0 + *) [TS-3459] Create a new config to disallow Post w/ Expect: 100-continue + *) [TS-3312] KA timeout to origin does not honor configs *) [TS-3437] A null dhParams file will disable DHE.