Adjust ssl read loops for POST timeouts

iocore/net/SSLNetVConnection.cc

@@ -206,11 +206,17 @@ ssl_read_from_net(SSLNetVConnection *sslvc, EThread *lthread, int64_t &ret)
   while (sslErr == SSL_ERROR_NONE) {
     int64_t block_write_avail = buf.writer()->block_write_avail();
     if (block_write_avail <= 0) {
-      buf.writer()->add_block();
-      block_write_avail = buf.writer()->block_write_avail();
-      if (block_write_avail <= 0) {
-        Warning("Cannot add new block");
+      // If we filled up one block, give back to the event loop so we don't
+      // overbuffer.  
+      if (bytes_read > 0) {
         break;
+      } else { // Make sure there is a block to write into
+        buf.writer()->add_block();
+        block_write_avail = buf.writer()->block_write_avail();
+        if (block_write_avail <= 0) {
+          Warning("Cannot add new block");
+          break;
+        }
       }
     }
 
@@ -239,6 +245,8 @@ ssl_read_from_net(SSLNetVConnection *sslvc, EThread *lthread, int64_t &ret)
       bytes_read += nread;
       if (nread > 0) {
         buf.writer()->fill(nread); // Tell the buffer, we've used the bytes
+        sslvc->netActivity(lthread);
+        //Warning("set next_inactivity %" PRId64 " current time %" PRId64, sslvc->next_inactivity_timeout_at, Thread::get_hrtime());
       }
       break;
     case SSL_ERROR_WANT_WRITE:
@@ -302,6 +310,10 @@ ssl_read_from_net(SSLNetVConnection *sslvc, EThread *lthread, int64_t &ret)
     ret = bytes_read;
 
     event = (s->vio.ntodo() <= 0) ? SSL_READ_COMPLETE : SSL_READ_READY;
+    if (sslErr == SSL_ERROR_NONE && s->vio.ntodo() > 0) {
+      // We stopped with data on the wire (to avoid overbuffering).  Make sure we are triggered
+     sslvc->read.triggered = 1;
+    }
   } else { // if( bytes_read > 0 )
 #if defined(_DEBUG)
     if (bytes_read == 0) {
@@ -994,14 +1006,6 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
       } else {
         clientCTX = params->client_ctx;
       }
-
-      if (this->options.clientVerificationFlag && params->clientCACertFilename != nullptr && params->clientCACertPath != nullptr) {
-        if (!SSL_CTX_load_verify_locations(clientCTX, params->clientCACertFilename, params->clientCACertPath)) {
-          SSLError("invalid client CA Certificate file (%s) or CA Certificate path (%s)", params->clientCACertFilename,
-                   params->clientCACertPath);
-          return EVENT_ERROR;
-        }
-      }
       this->ssl = make_ssl_connection(clientCTX, this);
 
       if (this->ssl == nullptr) {

iocore/net/UnixNetVConnection.cc

@@ -1234,6 +1234,7 @@ UnixNetVConnection::mainEvent(int event, Event *e)
     // ink_assert(next_inactivity_timeout_at < Thread::get_hrtime());
     if (!inactivity_timeout_in || next_inactivity_timeout_at > Thread::get_hrtime())
       return EVENT_CONT;
+    Warning("next_inactivity %" PRId64 " current time %" PRId64, next_inactivity_timeout_at, Thread::get_hrtime());
     signal_event      = VC_EVENT_INACTIVITY_TIMEOUT;
     signal_timeout_at = &next_inactivity_timeout_at;
   } else {

proxy/http/HttpSM.cc

@@ -3611,6 +3611,7 @@ HttpSM::tunnel_handler_post_ua(int event, HttpTunnelProducer *p)
     //   timeouts
     ua_entry->vc_handler = &HttpSM::state_watch_for_client_abort;
     ua_entry->read_vio   = p->vc->do_io_read(this, INT64_MAX, ua_buffer_reader->mbuf);
+    //ua_session->set_inactivity_timeout(0);
     break;
   default:
     ink_release_assert(0);
@@ -3697,6 +3698,7 @@ HttpSM::tunnel_handler_post_server(int event, HttpTunnelConsumer *c)
     //  on the user agent in order to get timeouts
     //  coming to the state machine and not the tunnel
     ua_entry->vc_handler = &HttpSM::state_watch_for_client_abort;
+    //ua_session->set_inactivity_timeout(0);
 
     // YTS Team, yamsat Plugin
     // When event is VC_EVENT_ERROR,and when redirection is enabled