mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-28 14:21:00 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: Always start the handshake if we can't send early data.

Browse Source 
The current code only tries to do the handshake in case we can't send early
data if we're acting as a client, which is wrong, it has to be done on the
server side too, or we end up in an infinite loop.
This commit is contained in:
Olivier Houchard 2017-11-22 17:38:37 +01:00 committed by Willy Tarreau
parent 1f89b1805b
commit 777e4b98a3
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/ssl_sock.c
View File

@ -5514,10 +5514,8 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl
if (try + conn->tmp_early_data > max_early) {
try -= (try + conn->tmp_early_data) - max_early;
if (try <= 0) {
if (objt_server(conn->target)) {
conn->flags &= ~CO_FL_EARLY_SSL_HS;
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
}
conn->flags &= ~CO_FL_EARLY_SSL_HS;
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
break;
}
}