Commit 644cff99 authored by Daniel Ruggeri's avatar Daniel Ruggeri

*) mod_ssl: Handle SSL_read() return code 0 similarly to <0. It is needed

              when using OpenSSL 1.1.1 and should not harm for versions before
              1.1.1.
              Without the patch for 1.1.1 a 0 byte read no longer results in
              EAGAIN but instead in APR_EOF which leads to HTTP/2 failures.
              For the changelog: Fix HTTP/2 failures when using OpenSSL 1.1.1.
     trunk patch: http://svn.apache.org/r1843954
     2.4.x patch: svn merge -c 1843954 ^/httpd/httpd/trunk .
     +1: rjung, druggeri, rpluem



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1844047 13f79535-47bb-0310-9956-ffa450edef68
parent 1aba0aee
+0 −12
@@ -125,18 +125,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
  [ start all new proposals below, under PATCHES PROPOSED. ]


  *) mod_ssl: Handle SSL_read() return code 0 similarly to <0. It is needed
              when using OpenSSL 1.1.1 and should not harm for versions before
              1.1.1.
              Without the patch for 1.1.1 a 0 byte read no longer results in
              EAGAIN but instead in APR_EOF which leads to HTTP/2 failures.
              For the changelog: Fix HTTP/2 failures when using OpenSSL 1.1.1.
     trunk patch: http://svn.apache.org/r1843954
     2.4.x patch: svn merge -c 1843954 ^/httpd/httpd/trunk .
     +1: rjung, druggeri, rpluem
     -1: 

PATCHES PROPOSED TO BACKPORT FROM TRUNK:
  [ New proposals should be added at the end of the list ]

+33 −26
@@ -680,7 +680,10 @@ static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
            }
            return inctx->rc;
        }
        else if (rc == 0) {
        else /* (rc <= 0) */ {
            int ssl_err;
            conn_rec *c;
            if (rc == 0) {
                /* If EAGAIN, we will loop given a blocking read,
                 * otherwise consider ourselves at EOF.
                 */
@@ -701,16 +704,12 @@ static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
                else {
                    if (*len > 0) {
                        inctx->rc = APR_SUCCESS;
                }
                else {
                    inctx->rc = APR_EOF;
                }
                        break;
                    }
                }
        else /* (rc < 0) */ {
            int ssl_err = SSL_get_error(inctx->filter_ctx->pssl, rc);
            conn_rec *c = (conn_rec*)SSL_get_app_data(inctx->filter_ctx->pssl);
            }
            ssl_err = SSL_get_error(inctx->filter_ctx->pssl, rc);
            c = (conn_rec*)SSL_get_app_data(inctx->filter_ctx->pssl);

            if (ssl_err == SSL_ERROR_WANT_READ) {
                /*
@@ -754,6 +753,10 @@ static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
                                  "SSL input filter read failed.");
                }
            }
            else if (rc == 0 && ssl_err == SSL_ERROR_ZERO_RETURN) {
                inctx->rc = APR_EOF;
                break;
            }
            else /* if (ssl_err == SSL_ERROR_SSL) */ {
                /*
                 * Log SSL errors and any unexpected conditions.
@@ -763,6 +766,10 @@ static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
                ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, mySrvFromConn(c));

            }
            if (rc == 0) {
                inctx->rc = APR_EOF;
                break;
            }
            if (inctx->rc == APR_SUCCESS) {
                inctx->rc = APR_EGENERAL;
            }
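Review bot: The trailing `if (rc == 0)` check in the last hunk turns every zero return that reaches it into `APR_EOF`, including ones the `else` branch just above has classified and logged through `ssl_log_ssl_error()`, so upstream filters cannot tell a stream that ended without `SSL_ERROR_ZERO_RETURN` from a clean TLS shutdown. This appears to match the old `rc == 0` branch, but it is now implicit, and it makes the new `rc == 0 && ssl_err == SSL_ERROR_ZERO_RETURN` branch look redundant when its only visible effect is to skip the logging. I would document both, e.g. `/* clean close_notify: EOF without logging */` on the ZERO_RETURN branch and `/* any other rc == 0 is still reported as EOF, as before; only rc < 0 becomes APR_EGENERAL */` on the trailing check. If a truncated stream should be distinguishable from a clean close, that needs a separate status and is presumably outside the scope of this backport. The body of ssl_io_input_read starts and ends outside the hunks shown, so the WANT_READ and SYSCALL branches between the second and third hunk could not be checked.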