From shinr...@apache.org
Subject [trafficserver] branch master updated: TS-4075: add a state check for sslHandshakeHookState after PreAcceptHookState checking. This closes #374.
Date Wed, 04 May 2016 18:46:55 GMT
This is an automated email from the ASF dual-hosted git repository.

shinrich pushed a commit to branch master
in repository https://git-dual.apache.org/repos/asf/trafficserver.git

The following commit(s) were added to refs/heads/master by this push:
       new  19cc051   TS-4075: add a state check for sslHandshakeHookState after PreAcceptHookState
checking.  This closes #374.
19cc051 is described below

commit 19cc051bb9e803855d2fb424ccf8a4b9546dc49d
Author: Oknet <xuchao@gmail.com>
AuthorDate: Mon Dec 14 20:00:45 2015 +0800

    TS-4075: add a state check for sslHandshakeHookState after PreAcceptHookState checking.
 This closes #374.
---
 iocore/net/SSLNetVConnection.cc | 52 ++++++++++++++++++++++-------------------
 1 file changed, 28 insertions(+), 24 deletions(-)

diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 7f299c2..3f688bf 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -1042,6 +1042,11 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err)
     }
   }
 
+  // handle SNI Hooks after PreAccept Hooks
+  if (HANDSHAKE_HOOKS_DONE != sslHandshakeHookState && HANDSHAKE_HOOKS_PRE != sslHandshakeHookState) {
+    return SSL_WAIT_FOR_HOOK;
+  }
+
   // If a blind tunnel was requested in the pre-accept calls, convert.
   // Again no data has been exchanged, so we can go directly
   // without data replay.
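Review bot: The comment on the added guard, "handle SNI Hooks after PreAccept Hooks", does not describe what the code does: it parks the handshake with `SSL_WAIT_FOR_HOOK` whenever the state is neither PRE nor DONE. A comment such as `// A cert/SNI hook is still outstanding; do not continue the handshake until the plugin reenables` would state the invariant the later code relies on. Because the test is written as "not one of two states", any value later added to the state enum would also wait here, so naming the waiting states explicitly may be clearer. Nothing in the hunk shows what releases a connection whose plugin never reenables; presumably an inactivity timeout covers it, which is worth confirming. The body of sslServerHandShakeEvent starts and ends outside the hunk.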
@@ -1387,10 +1392,9 @@ SSLNetVConnection::select_next_protocol(SSL *ssl, const unsigned char **out, uns
 void
 SSLNetVConnection::reenable(NetHandler *nh)
 {
-  if (this->sslPreAcceptHookState != SSL_HOOKS_DONE) {
-    this->sslPreAcceptHookState = SSL_HOOKS_INVOKE;
-    this->readReschedule(nh);
-  } else {
+  if (sslPreAcceptHookState != SSL_HOOKS_DONE) {
+    sslPreAcceptHookState = SSL_HOOKS_INVOKE;
+  } else if (sslHandshakeHookState == HANDSHAKE_HOOKS_INVOKE) {
     // Reenabling from the handshake callback
     //
     // Originally, we would wait for the callback to go again to execute additinonal
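Review bot: With the new `else if (sslHandshakeHookState == HANDSHAKE_HOOKS_INVOKE)`, a reenable that arrives when pre-accept is done and no handshake hook is being invoked matches neither branch and drops straight to the `readReschedule(nh)` that the next hunk moves to the end of the function. That looks intentional, but a plugin that reenables twice or at the wrong time is now silently rescheduled. A short comment on that path, or a `Debug("ssl", ...)` line reporting the unexpected state, would make such a plugin diagnosable. The function also mixes bare member names here with `this->` further down; one form throughout would read better. The body of reenable continues in the next hunk.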
@@ -1400,16 +1404,17 @@ SSLNetVConnection::reenable(NetHandler *nh)
     // here in the reenable.
     if (curHook != NULL) {
       curHook = curHook->next();
-      if (curHook != NULL) {
-        // Invoke the hook
-        curHook->invoke(TS_SSL_CERT_HOOK, this);
-      }
     }
-    if (curHook == NULL) {
+    if (curHook != NULL) {
+      // Invoke the hook and return, wait for next reenable
+      curHook->invoke(TS_SSL_CERT_HOOK, this);
+      return;
+    } else { // curHook == NULL
+      // empty, set state to HOOKS_DONE
       this->sslHandshakeHookState = HANDSHAKE_HOOKS_DONE;
-      this->readReschedule(nh);
     }
   }
+  this->readReschedule(nh);
 }
 
 bool
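Review bot: The `return` right after `curHook->invoke(TS_SSL_CERT_HOOK, this)` is what keeps this path safe if a plugin calls reenable from inside its hook, which callHooks appears to allow since it re-checks the state after its own invoke. In that case the nested call may already have advanced `curHook` and the state, so nothing may be read or written after invoke returns. The existing comment `// Invoke the hook and return, wait for next reenable` does not say this; I would add `// The hook may reenable from inside invoke(); do not touch curHook or the hook state after this call`. The start of reenable is in the previous hunk.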
@@ -1433,34 +1438,33 @@ SSLNetVConnection::callHooks(TSHttpHookID eventId)
   // Only dealing with the SNI/CERT hook so far.
   // TS_SSL_SNI_HOOK and TS_SSL_CERT_HOOK are the same value
   ink_assert(eventId == TS_SSL_CERT_HOOK);
+  Debug("ssl", "callHooks sslHandshakeHookState=%d", this->sslHandshakeHookState);
 
-  // First time through, set the type of the hook that is currently
-  // being invoked
-  if (this->sslHandshakeHookState == HANDSHAKE_HOOKS_PRE) {
+  // First time through, set the type of the hook that is currently being invoked
+  if (HANDSHAKE_HOOKS_PRE == sslHandshakeHookState) {
+    // the previous hook should be DONE and set curHook to NULL before trigger the sni hook.
+    ink_assert(curHook == NULL);
+    // set to HOOKS_CERT means CERT/SNI hooks has called by SSL_accept()
     this->sslHandshakeHookState = HANDSHAKE_HOOKS_CERT;
-  }
-
-  if (this->sslHandshakeHookState == HANDSHAKE_HOOKS_CERT && eventId == TS_SSL_CERT_HOOK) {
-    if (curHook != NULL) {
-      curHook = curHook->next();
-    } else {
-      curHook = ssl_hooks->get(TS_SSL_CERT_INTERNAL_HOOK);
-    }
+    // get Hooks
+    curHook = ssl_hooks->get(TS_SSL_CERT_INTERNAL_HOOK);
   } else {
-    // Not in the right state, or no plugins registered for this hook
+    // Not in the right state
     // reenable and continue
     return true;
   }
 
   bool reenabled = true;
-  SSLHandshakeHookState holdState = this->sslHandshakeHookState;
   if (curHook != NULL) {
     // Otherwise, we have plugin hooks to run
     this->sslHandshakeHookState = HANDSHAKE_HOOKS_INVOKE;
     curHook->invoke(eventId, this);
     reenabled = (this->sslHandshakeHookState != HANDSHAKE_HOOKS_INVOKE);
+  } else {
+    // no SNI-Hooks set, set state to HOOKS_DONE
+    // no plugins registered for this hook, return (reenabled == true)
+    sslHandshakeHookState = HANDSHAKE_HOOKS_DONE;
   }
-  this->sslHandshakeHookState = holdState;
   return reenabled;
 }
 
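Review bot: The `else` branch marked "Not in the right state" returns true for every state other than PRE, and that includes INVOKE, where a plugin has been called but has not yet reenabled. The guard added in sslServerHandShakeEvent should keep the handshake from being re-entered in that state, but callHooks could fail closed on its own with `return HANDSHAKE_HOOKS_DONE == sslHandshakeHookState;`. That assumes a false return makes the caller wait, which the comments suggest but the caller is not visible here. Separately, `ink_assert(curHook == NULL)` is, as far as I know, compiled out of release builds, so there it documents the invariant rather than enforcing it. The start of callHooks is outside the hunk.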

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].
