BUG/MEDIUM: ssl: Fix some reneg cases not correctly handled. SSL may decide to switch to a handshake in the middle of a transfer due to a reneg. In this case we don't want to re-enable polling because data might have been left pending in the buffer. We just want to switch immediately to the handshake mode.

commit: 282a76acc17b1c23c5204addc2f7d5019cded704 [log] [tgz]
author: Emeric Brun <ebrun@exceliance.fr> Thu Nov 08 18:02:56 2012 +0100
committer: Willy Tarreau <w@1wt.eu> Mon Nov 12 11:43:05 2012 +0100
tree: 421802565d0fef69016b5c69b1a676fa57e6105c
parent: 8af8dd1a9a2f76b765a35d248dd56f12669564d4 [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 2fba79b..8fec632 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -984,6 +984,12 @@
 				break;
 			}
 			else if (ret == SSL_ERROR_WANT_READ) {
+				if (SSL_renegotiate_pending(conn->xprt_ctx)) {
+					/* handshake is running, and it may need to re-enable read */
+					conn->flags |= CO_FL_SSL_WAIT_HS;
+					__conn_sock_want_recv(conn);
+					break;
+				}
 				/* we need to poll for retry a read later */
 				__conn_data_poll_recv(conn);
 				break;
@@ -1056,6 +1062,12 @@
 		else {
 			ret = SSL_get_error(conn->xprt_ctx, ret);
 			if (ret == SSL_ERROR_WANT_WRITE) {
+				if (SSL_renegotiate_pending(conn->xprt_ctx)) {
+					/* handshake is running, and it may need to re-enable write */
+					conn->flags |= CO_FL_SSL_WAIT_HS;
+					__conn_sock_want_send(conn);
+					break;
+				}
 				/* we need to poll to retry a write later */
 				__conn_data_poll_send(conn);
 				break;
commit	282a76acc17b1c23c5204addc2f7d5019cded704	[log] [tgz]
author	Emeric Brun <ebrun@exceliance.fr>	Thu Nov 08 18:02:56 2012 +0100
committer	Willy Tarreau <w@1wt.eu>	Mon Nov 12 11:43:05 2012 +0100
tree	421802565d0fef69016b5c69b1a676fa57e6105c
parent	8af8dd1a9a2f76b765a35d248dd56f12669564d4 [diff]