Well, now I know what the bio_is_renegotiating call was for.

Place a big-ass comment there so that whomever comes next isn't stuck
at a cryptic call that they don't understand with a dinky comment.
Hopefully, this makes sense.  Someone more familiar with OpenSSL should
verify the comment.

This fix also requires the normalize call to be performed before
churn_input so that we don't enter churn_input with a 0-length ctx->b
brigade.

All httpd-test tests (except for the module/negotiation test) pass now.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91442 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/ssl_engine_io.c

@@ -271,6 +271,19 @@ static apr_status_t churn_input(SSLFilterRec *pRec, ap_input_mode_t eMode,
     /* Flush the output buffers. */
     churn_output(pRec);
 
+    /* Note: ssl_engine_kernel.c calls ap_get_brigade when it wants to 
+     * renegotiate.  Therefore, we must handle this by reading from
+     * the socket and *NOT* reading into ctx->b from the BIO.  This is a 
+     * very special case and needs to be treated as such.
+     *
+     * We need to tell all of the higher level filters that we didn't
+     * return anything.  OpenSSL will know that we did anyway and try to
+     * read directly via our BIO.
+     */
+    if (bio_is_renegotiating(pRec->pbioRead)) {
+        return APR_SUCCESS;
+    }
+
     /* Before we actually read any unencrypted data, go ahead and
      * let ssl_hook_process_connection have a shot at it. 
      */
@@ -436,15 +449,15 @@ static apr_status_t ssl_io_filter_Input(ap_filter_t *f,
     {
         apr_bucket_brigade *newbb;
 
+        /* ### This is bad. */
+        APR_BRIGADE_NORMALIZE(ctx->b);
+
         /* churn the state machine */
         ret = churn_input(ctx, mode, readbytes);
 
         if (ret != APR_SUCCESS)
 	        return ret;
 
-        /* ### This is bad. */
-        APR_BRIGADE_NORMALIZE(ctx->b);
-
         apr_brigade_length(ctx->b, 0, &tempread);
 
         if (*readbytes < tempread) {