MINOR: connection: remove CO_FL_SSL_WAIT_HS from CO_FL_HANDSHAKE
Most places continue to check CO_FL_HANDSHAKE while in fact they should
check CO_FL_HANDSHAKE_NOSSL, which contains all handshakes but the one
dedicated to SSL renegotiation. In fact the SSL layer should be the
only one checking CO_FL_SSL_WAIT_HS, so as to avoid processing data
when a renegotiation is in progress, but other ones randomly include it
without knowing. And ideally it should even be an internal flag that's
not exposed in the connection.
This patch takes CO_FL_SSL_WAIT_HS out of CO_FL_HANDSHAKE, uses this flag
consistently all over the code, and gets rid of CO_FL_HANDSHAKE_NOSSL.
In order to limit the confusion that has accumulated over time, the
CO_FL_SSL_WAIT_HS flag which indicates an ongoing SSL handshake,
possibly used by a renegotiation was moved after the other ones.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index d61e872..dafd258 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6517,7 +6517,7 @@
}
#endif
- if (conn->flags & CO_FL_HANDSHAKE)
+ if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_SSL_WAIT_HS))
/* a handshake was requested */
return 0;
@@ -6628,7 +6628,7 @@
if (!ctx)
goto out_error;
- if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
+ if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_SSL_WAIT_HS | CO_FL_EARLY_SSL_HS))
/* a handshake was requested */
return 0;
@@ -6830,7 +6830,7 @@
{
struct ssl_sock_ctx *ctx = xprt_ctx;
- if (conn->flags & CO_FL_HANDSHAKE)
+ if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_SSL_WAIT_HS))
return;
if (!clean)
/* don't sent notify on SSL_shutdown */