Serverside opportunistic TLS not working; backport to stable releases?
When operating an SSL server, passing leftover data to SSL.File()->accept(s) results in the connection stalling; the ServerHello packet doesn't actually get written. Solution is to do the same thing as in connect(), calling queue_write() when in nonblocking mode (which is the default).
Test case: ssl_or_not.pike
If all is well, it should report two successful connections. With vanilla Pike 8.0 and 8.1, this stalls rather than establishing the second connection.
Note that the same issue affects the opportunistic_tls() method of Protocols.HTTP.Server.Request and its friends, but this could also happen with a STARTTLS style of handshake if the client sends the command and immediately begins the handshake.
Fix has been applied to Pike 9 (478d4d9b2e). Should it be backported?
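
A minimal server using the pattern described above, added here as an illustration; it is not the ssl_or_not.pike test case and not code from the Pike tree. Port 4433, the throwaway self-signed certificate and the callback names are assumptions. On a Pike without the fix, the TLS branch is where the stall occurs.

```pike
// Added example; port 4433 and the throwaway certificate are assumptions.
SSL.Context ctx = SSL.Context();
Stdio.Port port = Stdio.Port();

// TLS branch: echo decrypted application data back to the client.
void tls_read(mixed id, string data) { id->write("tls: " + data); }
void tls_close(mixed id) { id->close(); }

// The first chunk decides the protocol: a TLS handshake record starts
// with content type 0x16 followed by major version 3.
void first_read(Stdio.File sock, string data)
{
  if (sizeof(data) > 1 && data[0] == 0x16 && data[1] == 3) {
    // Drop our callbacks before SSL.File takes over the socket.
    sock->set_nonblocking(0, 0, 0);
    SSL.File conn = SSL.File(sock, ctx);
    // data is the start of the ClientHello, already read off the socket.
    // The client is now waiting for the ServerHello, so accept() has to
    // get its reply written without any further read event arriving.
    conn->accept(data);
    conn->set_id(conn);
    conn->set_nonblocking(tls_read, 0, tls_close);
  } else {
    sock->write("plain: " + data);
    sock->close();
  }
}

void accept_client(mixed id)
{
  Stdio.File sock = port->accept();
  if (!sock) return;
  sock->set_id(sock);
  sock->set_nonblocking(first_read, 0, 0);
}

int main()
{
  // Self-signed certificate generated at startup, for local testing only.
  object key = Crypto.RSA()->generate_key(2048);
  string cert = Standards.X509.make_selfsigned_certificate(
    key, 3600 * 24, ([ "commonName": "localhost" ]));
  ctx->add_cert(key, ({ cert }));
  if (!port->bind(4433, accept_client, "127.0.0.1")) {
    werror("Cannot bind port 4433\n");
    return 1;
  }
  return -1;  // Stay in the backend and serve callbacks.
}
```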