ssl_io_filter_Output() to a new ssl_filter_write() function.
this will make it easier to optimize how we deal with file buckets
than cannot be mmaped.
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92209 13f79535-47bb-0310-9956-ffa450edef68
an apr_bucket_brigade and use transient buckets with the SSL
malloc-ed buffer, rather than copying into a mem BIO.
also allows us to pass the brigade as data is being written
rather than buffering up the entire response in the mem BIO.
PR:
Obtained from:
Submitted by:
Reviewed by: Justin Erenkrantz, Ryan Bloom
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92206 13f79535-47bb-0310-9956-ffa450edef68
it does not actually do the reading and writing to the network. By
moving that filter to in between CONNECTION and NETWORK filters, we ensure
that SSL is always called before the core.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91969 13f79535-47bb-0310-9956-ffa450edef68
Place a big-ass comment there so that whomever comes next isn't stuck
at a cryptic call that they don't understand with a dinky comment.
Hopefully, this makes sense. Someone more familiar with OpenSSL should
verify the comment.
This fix also requires the normalize call to be performed before
churn_input so that we don't enter churn_input with a 0-length ctx->b
brigade.
All httpd-test tests (except for the module/negotiation test) pass now.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91442 13f79535-47bb-0310-9956-ffa450edef68
changed some of the style issues within the filtering code to conform to
the rest of the server.
Various incarnations of this patch have been posted to dev@httpd without
feedback. Now that it passes all of the httpd-test cases (with the
exception of module/negotiation test which fails without mod_ssl anyway),
it is time to check it in.
Please review and test. We are under C-T-R rules, so I'm going to take
advantage of that and commit it now. I have tested this about as much
as I can and it seems to work from everything I can give to it.
Considering that mod_ssl was broken before this commit, this is an
improvement.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91414 13f79535-47bb-0310-9956-ffa450edef68
over an HTTPS connection. This also adds an ap_remove_input_filter
function, which should be used to remove the SSL input filter in this
case, as soon as this code is stressed a bit more.
For right now, we are sending the same message that we used to send in
mod_ssl for Apache 1.3.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90724 13f79535-47bb-0310-9956-ffa450edef68
are compatible (due to our early abort when PEEK mode is requested),
so we don't have to go to so much effort to convert from one to the other.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90530 13f79535-47bb-0310-9956-ffa450edef68
create a transient bucket pointing directly to the BIO mem buff.
this makes for a dramatic increase in performance. previously,
downloading large files (2Mb-5Mb-ish) made my laptop start to
smoke from the fan spinning so fast to cool the cpu.
also, apache stylize churn_output()
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90497 13f79535-47bb-0310-9956-ffa450edef68
one bucket at a time. prevents a problem when downloading large files.
also change ssl_io_filter_Output to apache style
and change some variable names that should make the code easier to
read/understand, e.g. pbbIn -> bb, pbktIn -> bucket
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90490 13f79535-47bb-0310-9956-ffa450edef68
previously, we'd die on an assert() (really nasty for threaded MPM) when
we hit a keepalive timeout for a browser like netscape which keeps the
connection open
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90244 13f79535-47bb-0310-9956-ffa450edef68
add support for renegotiation during the Access hook
this requires hooking into the read and write SSL BIOs in order to
flush data to the client and read from the filter chain
this also requires that the ssl filters become "aware" that
renegotitation is in progress so that the BIOs are left alone for
SSL_renegotiate/SSL_do_handshake in ssl_hook_Access to deal with
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90185 13f79535-47bb-0310-9956-ffa450edef68
if != APR_SUCCESS the ssl connection has been shutdown
(for example client cert was revoked)
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90155 13f79535-47bb-0310-9956-ffa450edef68
since the conn_rec will no longer be valid.
- eliminated the "for (;;)" processing loop in ssl_io_filter_Output() -
we'll have to do that in churn_output() if required, so that any remaining
OpenSSL data (if available) is transferred before we call the
CloseConnection.
- Any remaining data in SSL should be cleaned up ideally in the
APR_BUCKET_IS_EOS() processing stage itself, as we close the SSL connection
here.
Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by: William Rowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89816 13f79535-47bb-0310-9956-ffa450edef68
latest patches from Madhusudan which makes mod_ssl 95% working inside
Apache 2.0. There is still a lot of more work (both porting and cleanup)
to do be done. See modules/ssl/README for details.
Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89618 13f79535-47bb-0310-9956-ffa450edef68
longer handle the bottom line of I/O ourself. Additionally this again
simplifies mod_ssl's I/O part for later transition to mod_tls's approach
with buckets.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89019 13f79535-47bb-0310-9956-ffa450edef68
later for this or we don't do it at all. But we certainly no longer want
to see any platform specific things inside a module.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89018 13f79535-47bb-0310-9956-ffa450edef68
pre-sucking on POST requests and I/O re-injection in case of SSL
renegotiations. This all either cannot be solved any longer or at least
has to be implemented totally different through I/O layering/filtering.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89017 13f79535-47bb-0310-9956-ffa450edef68
