maria-developers team mailing list archive

Thread
Date

Re: 56ef213: MDEV-9836 Connection lost when using SSL

To: maria-developers@xxxxxxxxxxxxxxxxxxx
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Sat, 16 Apr 2016 15:39:17 +0200
Cc: vvaintroub@xxxxxxxxx
In-reply-to: <56fc40ab.6774c20a.3c35d.fffff5c6@mx.google.com>
User-agent: Mutt/1.5.24 (2015-08-30)

Hi, Vlad!

On Mar 30, wlad@xxxxxxxxxxx wrote:
> revision-id: 56ef213b8be7c91331168df002c4f69d54a26081 (mariadb-5.5.48-15-g56ef213)
> parent(s): 11b77e9b18a8d97063b4c4a96e40bf9c75bd0e8b
> author: Vladislav Vaintroub
> committer: Vladislav Vaintroub
> timestamp: 2016-03-30 23:09:57 +0200
> message:
> 
> MDEV-9836 Connection lost when using SSL
> 
> Don't read from socket in yassl in SSL_pending().
> Just return size of the buffered unprocessed data.

As far as I understand, you make it to return the size of buffered
*processed* data.

Which is correct, according to OpenSSL documentation:

  SSL_pending() returns the number of bytes which have been processed,
  buffered and are available inside ssl for immediate read.

If you agree with my understanding, please fix the commit comment to say
"processed" and add a reference to the manual (a quote as above or "as
specified in the OpenSSL manual" or whatever you prefer).

Then ok push.

> diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp
> index 9516e8b..2346533 100644
> --- a/extra/yassl/src/ssl.cpp
> +++ b/extra/yassl/src/ssl.cpp
> @@ -1471,10 +1471,6 @@ int SSL_peek(SSL* ssl, void* buffer, int sz)
>  
>  int SSL_pending(SSL* ssl)
>  {
> -    // Just in case there's pending data that hasn't been processed yet...
> -    char c;
> -    SSL_peek(ssl, &c, 1);
> -    
>      return ssl->bufferedData();
>  }
>  
Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx