BUG: ssl: mark the connection as waiting for an SSL connection during the handshake The WAIT_L6_CONN was designed especially to ensure that the connection was not marked ready before the SSL layer was OK, but we forgot to set the flag, resulting in a rejected handshake when ssl was combined with accept-proxy because accept-proxy would validate the connection alone and the SSL handshake would then believe in a client-initiated reneg and kill it.

commit: 0573747da08f13547473db286631d54d36a4db9f [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Tue Sep 04 08:03:39 2012 +0200
committer: Willy Tarreau <w@1wt.eu> Tue Sep 04 08:03:39 2012 +0200
tree: 2a963fc111d27939c3226f285f9ae70a4b1bbb13
parent: c230b8bfb65cbcf4028187dd5a3225f6b928d194 [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f5d054e..cfe788d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -86,7 +86,7 @@
 		SSL_set_fd(conn->data_ctx, conn->t.sock.fd);
 
 		/* leave init state and start handshake */
-		conn->flags |= CO_FL_SSL_WAIT_HS;
+		conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
 		return 0;
 	}
 	else if (target_client(&conn->target)) {
@@ -105,7 +105,7 @@
 		SSL_set_app_data(conn->data_ctx, conn);
 
 		/* leave init state and start handshake */
-		conn->flags |= CO_FL_SSL_WAIT_HS;
+		conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
 		return 0;
 	}
 	/* don't know how to handle such a target */
commit	0573747da08f13547473db286631d54d36a4db9f	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Tue Sep 04 08:03:39 2012 +0200
committer	Willy Tarreau <w@1wt.eu>	Tue Sep 04 08:03:39 2012 +0200
tree	2a963fc111d27939c3226f285f9ae70a4b1bbb13
parent	c230b8bfb65cbcf4028187dd5a3225f6b928d194 [diff]