* modules/ssl/ssl_engine_io.c (bio_filter_out_write,

  bio_filter_in_read): Clear retry flags before aborting
  on client-initiated reneg.

PR: 63052

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1850946 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index 37e8314b7ca38f5c09f7ffd1ceb8d1b0be482c71..210eaeef6f7b4ec682ddbb888e750ab4c665c99c 100644 (file)
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -209,6 +209,8 @@ static int bio_filter_out_write(BIO *bio, const char *in, int inl)
     apr_bucket *e;
     int need_flush;
 
+    BIO_clear_retry_flags(bio);
+
     /* Abort early if the client has initiated a renegotiation. */
     if (outctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
         outctx->rc = APR_ECONNABORTED;
@@ -218,12 +220,6 @@ static int bio_filter_out_write(BIO *bio, const char *in, int inl)
     ap_log_cerror(APLOG_MARK, APLOG_TRACE6, 0, outctx->c,
                   "bio_filter_out_write: %i bytes", inl);
 
-    /* when handshaking we'll have a small number of bytes.
-     * max size SSL will pass us here is about 16k.
-     * (16413 bytes to be exact)
-     */
-    BIO_clear_retry_flags(bio);
-
     /* Use a transient bucket for the output data - any downstream
      * filter must setaside if necessary. */
     e = apr_bucket_transient_create(in, inl, outctx->bb->bucket_alloc);
@@ -516,14 +512,14 @@ static int bio_filter_in_read(BIO *bio, char *in, int inlen)
     if (!in)
         return 0;
 
+    BIO_clear_retry_flags(bio);
+
     /* Abort early if the client has initiated a renegotiation. */
     if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
         inctx->rc = APR_ECONNABORTED;
         return -1;
     }
 
-    BIO_clear_retry_flags(bio);
-
     if (!inctx->bb) {
         inctx->rc = APR_EOF;
         return -1;