diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index f74e2b297c4..daf89834c23 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -206,11 +206,17 @@ ssl_read_from_net(SSLNetVConnection *sslvc, EThread *lthread, int64_t &ret)
 while (sslErr == SSL_ERROR_NONE) {
 int64_t block_write_avail = buf.writer()->block_write_avail();
 if (block_write_avail <= 0) {
- buf.writer()->add_block();
- block_write_avail = buf.writer()->block_write_avail();
- if (block_write_avail <= 0) {
- Warning("Cannot add new block");
+ // If we filled up one block, give back to the event loop so we don't
+ // overbuffer.
+ if (bytes_read > 0) {
 break;
+ } else { // Make sure there is a block to write into
+ buf.writer()->add_block();
+ block_write_avail = buf.writer()->block_write_avail();
+ if (block_write_avail <= 0) {
+ Warning("Cannot add new block");
+ break;
+ }
 }
 }
@@ -239,6 +245,8 @@ ssl_read_from_net(SSLNetVConnection *sslvc, EThread *lthread, int64_t &ret)
 bytes_read += nread;
 if (nread > 0) {
 buf.writer()->fill(nread); // Tell the buffer, we've used the bytes
+ sslvc->netActivity(lthread);
+ //Warning("set next_inactivity %" PRId64 " current time %" PRId64, sslvc->next_inactivity_timeout_at, Thread::get_hrtime());
 }
 break;
 case SSL_ERROR_WANT_WRITE:
@@ -302,6 +310,10 @@ ssl_read_from_net(SSLNetVConnection *sslvc, EThread *lthread, int64_t &ret)
 ret = bytes_read;
 event = (s->vio.ntodo() <= 0) ? SSL_READ_COMPLETE : SSL_READ_READY;
+ if (sslErr == SSL_ERROR_NONE && s->vio.ntodo() > 0) {
+ // We stopped with data on the wire (to avoid overbuffering). Make sure we are triggered
+ sslvc->read.triggered = 1;
+ }
 } else { // if( bytes_read > 0 )
 #if defined(_DEBUG)
 if (bytes_read == 0) {
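Review bot: The early `break` added for `bytes_read > 0` leaves the loop with `sslErr` still `SSL_ERROR_NONE` and possibly unread data, and its comment does not say that it depends on the post-loop re-arm of `read.triggered` (the hunk at -302). The wording "filled up one block" is also looser than the code: the break fires whenever the current block has no space left after any read in this call, even if the block was nearly full on entry. I would reword the comment to `// Current block is full and this call already read data: return to the event loop; the post-loop code re-arms read.triggered so the rest is read on the next pass.` The loop body continues outside the hunk.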
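Review bot: The commented-out `//Warning("set next_inactivity ...")` line under `sslvc->netActivity(lthread);` is leftover debugging and should be dropped rather than committed. If the trace is still wanted, it belongs behind a debug tag, e.g. `Debug("ssl", ...)` with the same arguments. Separately, `netActivity()` now runs once per successful read inside the loop; if the code after the loop also calls it when `bytes_read > 0` (not visible here), one of the two calls is redundant. The `switch` starts and ends outside the hunk.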
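Review bot: Setting `sslvc->read.triggered = 1` only helps if the caller puts the connection back on the ready list after `SSL_READ_READY`. That path is outside the hunk and worth confirming, because otherwise a connection that stopped on a full block could sit with unread data until the peer sends more. The comment says the data is "on the wire", but part of it may already be buffered inside the TLS library, where a new socket readiness event may never announce it. Suggested comment: `// Stopped early on a full block; unread data may sit in the socket or in the TLS library's buffer, so force another read pass.`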
@@ -994,14 +1006,6 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
 } else {
 clientCTX = params->client_ctx;
 }
-
- if (this->options.clientVerificationFlag && params->clientCACertFilename != nullptr && params->clientCACertPath != nullptr) {
- if (!SSL_CTX_load_verify_locations(clientCTX, params->clientCACertFilename, params->clientCACertPath)) {
- SSLError("invalid client CA Certificate file (%s) or CA Certificate path (%s)", params->clientCACertFilename,
- params->clientCACertPath);
- return EVENT_ERROR;
- }
- }
 this->ssl = make_ssl_connection(clientCTX, this);
 if (this->ssl == nullptr) {
diff --git a/iocore/net/UnixNetVConnection.cc b/iocore/net/UnixNetVConnection.cc
index c914f6c52b3..73f162bf0b8 100644
--- a/iocore/net/UnixNetVConnection.cc
+++ b/iocore/net/UnixNetVConnection.cc
@@ -1234,6 +1234,7 @@ UnixNetVConnection::mainEvent(int event, Event *e)
 // ink_assert(next_inactivity_timeout_at < Thread::get_hrtime());
 if (!inactivity_timeout_in || next_inactivity_timeout_at > Thread::get_hrtime())
 return EVENT_CONT;
+ Warning("next_inactivity %" PRId64 " current time %" PRId64, next_inactivity_timeout_at, Thread::get_hrtime());
 signal_event = VC_EVENT_INACTIVITY_TIMEOUT;
 signal_timeout_at = &next_inactivity_timeout_at;
 } else {
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 5e17b0fd423..c65d5b08604 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -3611,6 +3611,7 @@ HttpSM::tunnel_handler_post_ua(int event, HttpTunnelProducer *p)
 // timeouts
 ua_entry->vc_handler = &HttpSM::state_watch_for_client_abort;
 ua_entry->read_vio = p->vc->do_io_read(this, INT64_MAX, ua_buffer_reader->mbuf);
+ //ua_session->set_inactivity_timeout(0);
 break;
 default:
 ink_release_assert(0);
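Review bot: The added `Warning(...)` in `mainEvent` fires on every inactivity timeout, so a routine production event is logged at warning level. Idle connections can be produced in bulk by any remote peer, so this line makes log volume peer-controlled and can bury real warnings. It reads like a temporary trace: either remove it or emit it through debug-tagged logging, for example `Debug("inactivity", "next_inactivity %" PRId64 " current time %" PRId64, next_inactivity_timeout_at, Thread::get_hrtime());` (the tag name is illustrative). The enclosing `if` block starts before the hunk.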
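Review bot: `//ua_session->set_inactivity_timeout(0);` is added as commented-out code here and again in the `tunnel_handler_post_server` hunk that follows; neither line does anything, and nothing says why it is there. If it is left over from an experiment, drop both lines. If it records a rejected idea, say so in words, for instance `// Do not clear the UA inactivity timeout here: state_watch_for_client_abort relies on it to reap idle clients.` That wording assumes the intent, since enabling the call would presumably leave idle client sessions without an inactivity timeout. The `switch` case continues outside the hunk.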
@@ -3697,6 +3698,7 @@ HttpSM::tunnel_handler_post_server(int event, HttpTunnelConsumer *c)
 // on the user agent in order to get timeouts
 // coming to the state machine and not the tunnel
 ua_entry->vc_handler = &HttpSM::state_watch_for_client_abort;
+ //ua_session->set_inactivity_timeout(0);
 // YTS Team, yamsat Plugin
 // When event is VC_EVENT_ERROR,and when redirection is enabled