GitHub user oknet opened a pull request:
https://github.com/apache/trafficserver/pull/374
TS-4075: add a state check for sslHandshakeHookState
Add a state check for sslHandshakeHookState after PreAcceptHookState
checking in sslServerHandShakeEvent().
and modify the codes in reenable() and callHooks() to fit the patch
The Processing:
path A for normal handshake.
path B for ssl session reuse
1. client initial a tcp connection with ATS
2. ATS trigger a PreAccept Hooks
3. PreAccept Hooks Done
4a. client send a "Client Hello with Sever Cert Request"
5a. set handshakestate to CERT from PRE
6a. SSLAccept() got a "Server Cert Request" then trigger callHooks()
7a. set curHooks
8a. if curHook != NULL then set handshakestate to INVOKE and invoke hooks.
9a. reenable in Hooks A
10a. invoke Hook B and next Hooks ... until curHook == NULL
11a. set handshakestate to DONE
12. SSLAccept() handshake finished
4b. client send a "ssl session reuse request"
5b. set handshakestate to CERT from PRE
6b. SSLAccept() got a "ssl session reuse reques" then reuse session
handshake finished
7b. set handshakestate to DONE from CERT
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/oknet/trafficserver patch-2
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/374.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #374
----
commit 0de7e196aadac090a412b720df7e5faf9183b5ba
Author: Oknet <xuc...@gmail.com>
Date: 2015-12-14T12:00:45Z
TS-4075: add a state check for sslHandshakeHookState after
PreAcceptHookState checking
Add a state check for sslHandshakeHookState after PreAcceptHookState
checking in sslServerHandShakeEvent().
and modify the codes in reenable() and callHooks() to fit the patch
The Processing:
1. client initial a tcp connection with ATS
2. ATS trigger a PreAccept Hooks
3. PreAccept Hooks Done
4a. client send a "Client Hello with Sever Cert Request"
5a. set handshakestate to CERT from PRE
6a. SSLAccept() got a "Server Cert Request" then trigger callHooks()
7a. set curHooks
8a. if curHook != NULL then set handshakestate to INVOKE and invoke hooks.
9a. reenable in Hooks A
10a. invoke Hook B and next Hooks ... until curHook == NULL
11a. set handshakestate to DONE
12. SSLAccept() handshake finished
4b. client send a "ssl session reuse request"
5b. set handshakestate to CERT from PRE
6b. SSLAccept() got a "ssl session reuse reques" then reuse session
handshake finished
7b. set handshakestate to DONE from CERT
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
