Obtained from:
Submitted by:
Reviewed by:
fix bug seen on win32 with netscape client where output filter is run
triggered by lingering_close after ssl_hook_CloseConnection has been called
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94170 13f79535-47bb-0310-9956-ffa450edef68
Obtained from:
Submitted by:
Reviewed by:
fix bug in ssl_io_input_getline():
in most cases we get all the headers on the first SSL_read.
however, in certain cases SSL_read will only get a partial
chunk of the headers, so we now try to read until LF is seen.
bug seen with netscape client (running both on linux and win32) and
server running on win32.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93931 13f79535-47bb-0310-9956-ffa450edef68
If you need the length, you should be using apr_brigade_length. This is
much more consistent. Of all the places that call ap_get_brigade, only
one (ap_http_filter) needs the length. This makes it now possible to
pass constants down without assigning them to a temporary variable first.
Also:
- Change proxy_ftp to use EXHAUSTIVE mode (didn't catch its -1 before)
- Fix buglet in mod_ssl that would cause it to return too much data in
some circumstances
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93014 13f79535-47bb-0310-9956-ffa450edef68
separate from the input filter mode type.
We also no longer look at readbytes to determine the method of
filter operation. This makes the use of filters more obvious and
allows a wider range of options for input filters modes.
To start with, the new input filter modes are:
AP_MODE_READBYTES (no more than *readbytes returned)
AP_MODE_GETLINE (old *readbytes == 0 case)
AP_MODE_EATCRLF (old AP_MODE_PEEK)
AP_MODE_SPECULATIVE (will be used in a future ap_getline rewrite)
AP_MODE_EXHAUSTIVE (old *readbytes == -1 case)
AP_MODE_INIT (special case for NNTP over SSL)
The block parameter is an apr_read_type_e: APR_BLOCK_READ, APR_NONBLOCK_READ
This also allows cleanup of mod_ssl's handling in the getline case.
Reviewed by: Ryan Bloom (concept), Greg Stein (concept)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92928 13f79535-47bb-0310-9956-ffa450edef68
- avoid creating a new bucket brigade for each EOS or FLUSH bucket
- do not pass FLUSH bucket since BIO_bucket_flush() already does so
if there is any data to flush.
- do not call apr_brigade_destroy(bb); since we will have either
emptied it or passed it, in which case it will be destroyed further
down the chain.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92885 13f79535-47bb-0310-9956-ffa450edef68
when SSL needs to flush (e.g. during SSL_accept()) it will call BIO_flush()
which will trigger a call to bio_bucket_ctrl() -> BIO_bucket_flush().
so we only need to flush the output ourselves if we receive an EOS or
FLUSH bucket.
BIO_bucket_flush() and churn_output() had been turning up near the top
of the profile with gprof. churn_output() of course has now vanished
and BIO_bucket_flush() has dropped, being called far less than before.
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92271 13f79535-47bb-0310-9956-ffa450edef68
ssl_io_filter_Output() to a new ssl_filter_write() function.
this will make it easier to optimize how we deal with file buckets
than cannot be mmaped.
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92209 13f79535-47bb-0310-9956-ffa450edef68
an apr_bucket_brigade and use transient buckets with the SSL
malloc-ed buffer, rather than copying into a mem BIO.
also allows us to pass the brigade as data is being written
rather than buffering up the entire response in the mem BIO.
PR:
Obtained from:
Submitted by:
Reviewed by: Justin Erenkrantz, Ryan Bloom
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92206 13f79535-47bb-0310-9956-ffa450edef68
it does not actually do the reading and writing to the network. By
moving that filter to in between CONNECTION and NETWORK filters, we ensure
that SSL is always called before the core.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91969 13f79535-47bb-0310-9956-ffa450edef68
Place a big-ass comment there so that whomever comes next isn't stuck
at a cryptic call that they don't understand with a dinky comment.
Hopefully, this makes sense. Someone more familiar with OpenSSL should
verify the comment.
This fix also requires the normalize call to be performed before
churn_input so that we don't enter churn_input with a 0-length ctx->b
brigade.
All httpd-test tests (except for the module/negotiation test) pass now.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91442 13f79535-47bb-0310-9956-ffa450edef68
changed some of the style issues within the filtering code to conform to
the rest of the server.
Various incarnations of this patch have been posted to dev@httpd without
feedback. Now that it passes all of the httpd-test cases (with the
exception of module/negotiation test which fails without mod_ssl anyway),
it is time to check it in.
Please review and test. We are under C-T-R rules, so I'm going to take
advantage of that and commit it now. I have tested this about as much
as I can and it seems to work from everything I can give to it.
Considering that mod_ssl was broken before this commit, this is an
improvement.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91414 13f79535-47bb-0310-9956-ffa450edef68
over an HTTPS connection. This also adds an ap_remove_input_filter
function, which should be used to remove the SSL input filter in this
case, as soon as this code is stressed a bit more.
For right now, we are sending the same message that we used to send in
mod_ssl for Apache 1.3.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90724 13f79535-47bb-0310-9956-ffa450edef68
are compatible (due to our early abort when PEEK mode is requested),
so we don't have to go to so much effort to convert from one to the other.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90530 13f79535-47bb-0310-9956-ffa450edef68
create a transient bucket pointing directly to the BIO mem buff.
this makes for a dramatic increase in performance. previously,
downloading large files (2Mb-5Mb-ish) made my laptop start to
smoke from the fan spinning so fast to cool the cpu.
also, apache stylize churn_output()
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90497 13f79535-47bb-0310-9956-ffa450edef68
one bucket at a time. prevents a problem when downloading large files.
also change ssl_io_filter_Output to apache style
and change some variable names that should make the code easier to
read/understand, e.g. pbbIn -> bb, pbktIn -> bucket
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90490 13f79535-47bb-0310-9956-ffa450edef68
previously, we'd die on an assert() (really nasty for threaded MPM) when
we hit a keepalive timeout for a browser like netscape which keeps the
connection open
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90244 13f79535-47bb-0310-9956-ffa450edef68
add support for renegotiation during the Access hook
this requires hooking into the read and write SSL BIOs in order to
flush data to the client and read from the filter chain
this also requires that the ssl filters become "aware" that
renegotitation is in progress so that the BIOs are left alone for
SSL_renegotiate/SSL_do_handshake in ssl_hook_Access to deal with
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90185 13f79535-47bb-0310-9956-ffa450edef68
if != APR_SUCCESS the ssl connection has been shutdown
(for example client cert was revoked)
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90155 13f79535-47bb-0310-9956-ffa450edef68
