Re: svn commit: r1870095 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Ruediger Pluem


On 11/21/19 4:51 PM, [hidden email] wrote:

> Author: jorton
> Date: Thu Nov 21 15:51:32 2019
> New Revision: 1870095
>
> URL: http://svn.apache.org/viewvc?rev=1870095&view=rev
> Log:
> Buffer HTTP request bodies for TLSv1.3 PHA in the same way as for
> TLSv<1.3 renegotiation.
>
> * modules/ssl/ssl_engine_kernel.c (fill_reneg_buffer): Factor
>   out...
>   (ssl_hook_Access_classic): ... from here.
>   (ssl_hook_Access_modern): Use it here too.
>
> Github: closes #75
>
> Modified:
>     httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
>
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1870095&r1=1870094&r2=1870095&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Thu Nov 21 15:51:32 2019

> @@ -1132,6 +1144,17 @@ static int ssl_hook_Access_modern(reques
>              }
>          }
>  
> +        /* Fill reneg buffer if required. */
> +        if (change_vmode) {

Why can't we put this block below the

if (change_vmode)

a few lines below?

> +            rc = fill_reneg_buffer(r, dc);
> +            if (rc) {
> +                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
> +                              "could not buffer message body to allow "
> +                              "TLS Post-Handshake Authentication to proceed");
> +                return rc;
> +            }
> +        }
> +
>          if (change_vmode) {
>              char peekbuf[1];
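
Review bot: the added `if (change_vmode) {` at the top of this hunk is immediately followed by the existing `if (change_vmode) {` context line, so the same condition is tested twice in a row; the fill_reneg_buffer() call and its error return could sit inside the existing block instead of in a duplicate one. The `APLOGNO()` in the added ap_log_rerror() call also carries no number in these lines, so confirm one is assigned.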

Regards

Rüdiger

Re: svn commit: r1870095 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Joe Orton
On Mon, Aug 17, 2020 at 02:07:33PM +0200, Ruediger Pluem wrote:
> On 11/21/19 4:51 PM, [hidden email] wrote:
> > Author: jorton
> > Date: Thu Nov 21 15:51:32 2019
> > New Revision: 1870095
> >
> > URL: http://svn.apache.org/viewvc?rev=1870095&view=rev
...

> > @@ -1132,6 +1144,17 @@ static int ssl_hook_Access_modern(reques
> >              }
> >          }
> >  
> > +        /* Fill reneg buffer if required. */
> > +        if (change_vmode) {
>
> Why can't we put this block below the
>
> if (change_vmode)
>
> a few lines below?

Good question, thanks for the review.  No good reason, and moving the
call after the r->connection->master test is presumably better.  Done in
r1880927.

Regards, Joe