diff options
Diffstat (limited to 'modules')
-rw-r--r-- | modules/generators/mod_status.c | 15 | ||||
-rw-r--r-- | modules/ssl/mod_ssl.c | 76 | ||||
-rw-r--r-- | modules/ssl/ssl_engine_io.c | 53 |
3 files changed, 23 insertions, 121 deletions
diff --git a/modules/generators/mod_status.c b/modules/generators/mod_status.c index 8707ebe58b..8e80202c44 100644 --- a/modules/generators/mod_status.c +++ b/modules/generators/mod_status.c @@ -557,7 +557,7 @@ static int status_handler(request_rec *r) ap_rputs("</dl>", r); if (is_async) { - int read_line = 0, write_completion = 0, lingering_close = 0, keep_alive = 0, + int write_completion = 0, lingering_close = 0, keep_alive = 0, connections = 0, stopping = 0, procs = 0; /* * These differ from 'busy' and 'ready' in how gracefully finishing @@ -574,12 +574,11 @@ static int status_handler(request_rec *r) "<th colspan=\"3\">Async connections</th></tr>\n" "<tr><th>total</th><th>accepting</th>" "<th>busy</th><th>idle</th>" - "<th>reading</th><th>writing</th><th>keep-alive</th><th>closing</th></tr>\n", r); + "<th>writing</th><th>keep-alive</th><th>closing</th></tr>\n", r); for (i = 0; i < server_limit; ++i) { ps_record = ap_get_scoreboard_process(i); if (ps_record->pid) { connections += ps_record->connections; - read_line += ps_record->read_line; write_completion += ps_record->write_completion; keep_alive += ps_record->keep_alive; lingering_close += ps_record->lingering_close; @@ -601,7 +600,7 @@ static int status_handler(request_rec *r) "<td>%s%s</td>" "<td>%u</td><td>%s</td>" "<td>%u</td><td>%u</td>" - "<td>%u</td><td>%u</td><td>%u</td><td>%u</td>" + "<td>%u</td><td>%u</td><td>%u</td>" "</tr>\n", i, ps_record->pid, dying, old, @@ -609,7 +608,6 @@ static int status_handler(request_rec *r) ps_record->not_accepting ? "no" : "yes", thread_busy_buffer[i], thread_idle_buffer[i], - ps_record->read_line, ps_record->write_completion, ps_record->keep_alive, ps_record->lingering_close); @@ -621,12 +619,12 @@ static int status_handler(request_rec *r) "<td>%d</td><td>%d</td>" "<td>%d</td><td> </td>" "<td>%d</td><td>%d</td>" - "<td>%d</td><td>%d</td><td>%d</td><td>%d</td>" + "<td>%d</td><td>%d</td><td>%d</td>" "</tr>\n</table>\n", procs, stopping, connections, busy_workers, idle_workers, - read_line, write_completion, keep_alive, lingering_close); + write_completion, keep_alive, lingering_close); } else { ap_rprintf(r, "Processes: %d\n" @@ -634,14 +632,13 @@ static int status_handler(request_rec *r) "BusyWorkers: %d\n" "IdleWorkers: %d\n" "ConnsTotal: %d\n" - "ConnsAsyncReading: %d\n" "ConnsAsyncWriting: %d\n" "ConnsAsyncKeepAlive: %d\n" "ConnsAsyncClosing: %d\n", procs, stopping, busy_workers, idle_workers, connections, - read_line, write_completion, keep_alive, lingering_close); + write_completion, keep_alive, lingering_close); } } diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index b06c7beabe..d1f6fbbc1f 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -30,7 +30,6 @@ #include "util_md5.h" #include "util_mutex.h" #include "ap_provider.h" -#include "ap_mpm.h" #include "http_config.h" #include "mod_proxy.h" /* for proxy_hook_section_post_config() */ @@ -690,80 +689,31 @@ static int ssl_hook_process_connection(conn_rec* c) { SSLConnRec *sslconn = myConnConfig(c); - int status = DECLINED; - if (sslconn && !sslconn->disabled) { /* On an active SSL connection, let the input filters initialize * themselves which triggers the handshake, which again triggers * all kinds of useful things such as SNI and ALPN. */ apr_bucket_brigade* temp; - - int again_mpm = 0; + apr_status_t rv; temp = apr_brigade_create(c->pool, c->bucket_alloc); + rv = ap_get_brigade(c->input_filters, temp, + AP_MODE_INIT, APR_BLOCK_READ, 0); + apr_brigade_destroy(temp); - if (ap_mpm_query(AP_MPMQ_CAN_AGAIN, &again_mpm) != APR_SUCCESS) { - again_mpm = 0; - } - - if (again_mpm) { - - /* Take advantage of an async MPM. If we see an EAGAIN, - * loop round and don't block. - */ - conn_state_t *cs = c->cs; - - apr_status_t rv; - - rv = ap_get_brigade(c->input_filters, temp, - AP_MODE_INIT, APR_NONBLOCK_READ, 0); - - if (rv == APR_SUCCESS) { - /* great news, lets continue */ - - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(10370) - "SSL handshake completed, continuing"); - - status = DECLINED; - } - else if (rv == APR_EAGAIN) { - /* we've been asked to come around again, don't block */ - - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(10371) - "SSL handshake in progress, continuing"); - - status = AGAIN; - } - else if (rv == AP_FILTER_ERROR) { - /* handshake error, but mod_ssl handled it */ - - ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(10372) - "SSL handshake failed, returning error response"); - - status = DECLINED; - } - else { - /* we failed, give up */ - - cs->state = CONN_STATE_LINGER; - - ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(10373) - "SSL handshake was not completed, " - "closing connection"); - - status = OK; + if (APR_SUCCESS != APR_SUCCESS) { + if (c->cs) { + c->cs->state = CONN_STATE_LINGER; } + ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(10373) + "SSL handshake was not completed, " + "closing connection"); + return OK; } - else { - ap_get_brigade(c->input_filters, temp, - AP_MODE_INIT, APR_BLOCK_READ, 0); - } - - apr_brigade_destroy(temp); } - - return status; + + return DECLINED; } /* diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index 4445b1f787..47e3f30cdc 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -323,7 +323,6 @@ typedef struct { } char_buffer_t; typedef struct { - conn_rec *c; SSL *ssl; BIO *bio_out; ap_filter_t *f; @@ -796,32 +795,6 @@ static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx, * (This is usually the case when the client forces an SSL * renegotiation which is handled implicitly by OpenSSL.) */ - if (inctx->c->cs) { - inctx->c->cs->sense = CONN_SENSE_WANT_READ; - } - inctx->rc = APR_EAGAIN; - - if (*len > 0) { - inctx->rc = APR_SUCCESS; - break; - } - if (inctx->block == APR_NONBLOCK_READ) { - break; - } - continue; /* Blocking and nothing yet? Try again. */ - } - if (ssl_err == SSL_ERROR_WANT_WRITE) { - /* - * If OpenSSL wants to write during read, and we were - * nonblocking, report as an EAGAIN. Otherwise loop, - * pulling more data from network filter. - * - * (This is usually the case when the client forces an SSL - * renegotiation which is handled implicitly by OpenSSL.) - */ - if (inctx->c->cs) { - inctx->c->cs->sense = CONN_SENSE_WANT_WRITE; - } inctx->rc = APR_EAGAIN; if (*len > 0) { @@ -987,9 +960,7 @@ static apr_status_t ssl_filter_write(ap_filter_t *f, * (This is usually the case when the client forces an SSL * renegotiation which is handled implicitly by OpenSSL.) */ - if (outctx->c->cs) { - outctx->c->cs->sense = CONN_SENSE_WANT_READ; - } + outctx->c->cs->sense = CONN_SENSE_WANT_READ; outctx->rc = APR_EAGAIN; ap_log_cerror(APLOG_MARK, APLOG_TRACE6, 0, outctx->c, "Want read during nonblocking write"); @@ -1518,25 +1489,10 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx) } else if (ssl_err == SSL_ERROR_WANT_READ) { /* - * Call us back when ready to read *\/ + * This is in addition to what was present earlier. It is + * borrowed from openssl_state_machine.c [mod_tls]. + * TBD. */ - ap_log_cerror(APLOG_MARK, APLOG_TRACE6, 0, outctx->c, - "Want read during nonblocking accept"); - if (outctx->c->cs) { - outctx->c->cs->sense = CONN_SENSE_WANT_READ; - } - outctx->rc = APR_EAGAIN; - return APR_EAGAIN; - } - else if (ssl_err == SSL_ERROR_WANT_WRITE) { - /* - * Call us back when ready to write *\/ - */ - ap_log_cerror(APLOG_MARK, APLOG_TRACE6, 0, outctx->c, - "Want write during nonblocking accept"); - if (outctx->c->cs) { - outctx->c->cs->sense = CONN_SENSE_WANT_WRITE; - } outctx->rc = APR_EAGAIN; return APR_EAGAIN; } @@ -2339,7 +2295,6 @@ static apr_status_t ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_r } BIO_set_data(filter_ctx->pbioRead, (void *)inctx); - inctx->c = c; inctx->ssl = ssl; inctx->bio_out = filter_ctx->pbioWrite; inctx->f = filter_ctx->pInputFilter; |