external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-02-13 20:01:56 +00:00
Code Issues Releases Wiki Activity

For #1657, fix the http read bug

Browse source
This commit is contained in:
winlin 2020-11-06 20:45:44 +08:00
parent 79655adea0
commit 6dc9824495
3 changed files with 41 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
trunk/src/app/srs_app_conn.cpp
View file

@ -523,6 +523,13 @@ srs_error_t SrsSslConnection::handshake(string key_file, string crt_file)
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
srs_assert(SSL_CTX_set_cipher_list(ssl_ctx, "ALL") == 1);
// No renegotiation, or there maybe extra data during security transport.
// @see https://gist.github.com/darrenjs/4645f115d10aa4b5cebf57483ec82eca#file-ssl_server_nonblock-c-L281
// @remark SSL_OP_NO_RENEGOTIATION was added in OpenSSL 1.1.0h.
#if (OPENSSL_VERSION_NUMBER >= 0x10100068L) // v1.1.0h
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_RENEGOTIATION);
#endif
// TODO: Setup callback, see SSL_set_ex_data and SSL_set_info_callback
if ((ssl = SSL_new(ssl_ctx)) == NULL) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "SSL_new ssl");
@ -705,25 +712,40 @@ srs_error_t SrsSslConnection::read(void* plaintext, size_t nn_plaintext, ssize_t
}
}
int r0 = SSL_read(ssl, plaintext, nn);
int r1 = SSL_get_error(ssl, r0); int r2 = BIO_ctrl_pending(bio_in);
if (r0 <= 0) {
// We try to read the cached data, but actually there is nothing, so try again.
if (nn_padding > 0 && r2 <= 0) {
continue;
int r0 = SSL_read(ssl, plaintext, nn); int r1 = SSL_get_error(ssl, r0);
int r2 = BIO_ctrl_pending(bio_in); int r3 = SSL_is_init_finished(ssl);
uint8_t* data = NULL; int size = BIO_get_mem_data(bio_out, &data);
// Maybe renegotiation, need to write some data .
// @see https://gist.github.com/darrenjs/4645f115d10aa4b5cebf57483ec82eca#file-ssl_server_nonblock-c-L281
if (r0 == -1 && r1 == SSL_ERROR_WANT_READ && size > 0) {
srs_warn("https: renegotiation, r0=%d, r1=%d, size=%d", r0, r2, size);
// TODO: FIXME: Maybe we should put the data in queue?
if ((err = transport->write(data, size, NULL)) != srs_success) {
return srs_error_wrap(err, "renegotiation: write data=%p, size=%d", data, size);
}
return srs_error_new(ERROR_HTTPS_READ, "SSL_read r0=%d, r1=%d, r2=%d, padding=%d, size=%d",
r0, r1, r2, nn_padding, nn);
if ((r0 = BIO_reset(bio_out)) != 1) {
return srs_error_new(ERROR_HTTPS_READ, "BIO_reset r0=%d", r0);
}
// Try to read again.
continue;
}
if (r0 <= 0) {
return srs_error_new(ERROR_HTTPS_READ,
"SSL_read r0=%d, r1=%d, r2=%d, r3=%d, padding=%d, osize=%d, size=%d",
r0, r1, r2, r3, nn_padding, size, nn);
}
srs_assert(r0 <= nn_plaintext);
if (nread) {
*nread = r0;
}
break;
}
return err;
return err;
}
}
void SrsSslConnection::set_send_timeout(srs_utime_t tm)

2
trunk/src/core/srs_core_version4.hpp
View file

@ -24,6 +24,6 @@
#ifndef SRS_CORE_VERSION4_HPP
#define SRS_CORE_VERSION4_HPP
#define SRS_VERSION4_REVISION 50
#define SRS_VERSION4_REVISION 51
#endif

7
trunk/src/protocol/srs_service_http_client.cpp
View file

@ -84,6 +84,13 @@ srs_error_t SrsSslClient::handshake()
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, srs_verify_callback);
srs_assert(SSL_CTX_set_cipher_list(ssl_ctx, "ALL") == 1);
// No renegotiation, or there maybe extra data during security transport.
// @see https://gist.github.com/darrenjs/4645f115d10aa4b5cebf57483ec82eca#file-ssl_server_nonblock-c-L281
// @remark SSL_OP_NO_RENEGOTIATION was added in OpenSSL 1.1.0h.
#if (OPENSSL_VERSION_NUMBER >= 0x10100068L) // v1.1.0h
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_RENEGOTIATION);
#endif
// TODO: Setup callback, see SSL_set_ex_data and SSL_set_info_callback
if ((ssl = SSL_new(ssl_ctx)) == NULL) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "SSL_new ssl");