{
/* Need to check transport status */
if (ctx->is_passive_close)
- openssl_handle_handshake_failure (ctx);
- else
- tls_notify_app_accept (ctx);
+ {
+ openssl_handle_handshake_failure (ctx);
+ return -1;
+ }
+
+ /* Accept failed, cleanup */
+ if (tls_notify_app_accept (ctx))
+ {
+ ctx->c_s_index = SESSION_INVALID_INDEX;
+ tls_disconnect_transport (ctx);
+ return -1;
+ }
}
TLS_DBG (1, "Handshake for %u complete. TLS cipher is %s",
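Review bot: The new accept-failure block under `if (tls_notify_app_accept (ctx))` and the passive-close block both return -1 with no trace, so a rejected accept cannot be told apart from a peer that closed mid-handshake, while only the success path reaches `TLS_DBG`. Consider adding `TLS_DBG (1, "Accept failed, disconnecting transport");` inside the failure block so dropped handshakes can be attributed during troubleshooting. The comment `/* Accept failed, cleanup */` sits above the call rather than inside the branch it describes; `/* Notify app; on failure invalidate the session index and disconnect the transport */` would match what the lines do. The enclosing function starts before and continues past this hunk, so how callers treat the -1 is not visible here.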
deq_max = clib_min (deq_max, sp->max_burst_size);
+ /* Make sure tcp's tx fifo can actually buffer all bytes to be dequeued.
+ * If under memory pressure, tls's fifo segment might not be able to
+ * allocate the chunks needed. This also avoids errors from the underlying
+ * custom bio to the ssl infra which at times can get stuck. */
+ if (svm_fifo_provision_chunks (ts->tx_fifo, 0, 0, deq_max + TLSO_CTRL_BYTES))
+ goto check_tls_fifo;
+
wrote = openssl_write_from_fifo_into_ssl (f, oc->ssl, deq_max);
if (!wrote)
goto check_tls_fifo;
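Review bot: When `svm_fifo_provision_chunks` fails here the code only jumps to `check_tls_fifo`, whereas the datagram write path at the end of this patch handles the same failure by calling `svm_fifo_add_want_deq_ntf (us->tx_fifo, SVM_FIFO_WANT_DEQ_NOTIF)` and descheduling the connection. The label's body is outside the hunk, so it cannot be confirmed from here that it re-arms a wakeup; if it does not, a connection under sustained memory pressure could stall or be retried in a tight loop. In that case request the notification before the jump, e.g. `svm_fifo_add_want_deq_ntf (ts->tx_fifo, SVM_FIFO_WANT_DEQ_NOTIF);`. Either way, `TLS_DBG (1, "tx fifo chunk provisioning failed for %u bytes", deq_max + TLSO_CTRL_BYTES);` would make fifo-segment exhaustion visible to operators. The enclosing function begins and ends outside this hunk.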
{
openssl_main_t *om = &openssl_main;
openssl_ctx_t *oc = (openssl_ctx_t *) ctx;
+ u32 read = 0, to_deq, dgram_sz, enq_max;
session_dgram_pre_hdr_t hdr;
session_t *us;
int wrote, rv;
- u32 read = 0, to_deq, dgram_sz;
u8 *buf;
us = session_get_from_handle (ctx->tls_session_handle);
ASSERT (to_deq >= hdr.data_length + SESSION_CONN_HDR_LEN);
dgram_sz = hdr.data_length + SESSION_CONN_HDR_LEN;
- if (svm_fifo_max_enqueue_prod (us->tx_fifo) < dgram_sz + TLSO_CTRL_BYTES)
+ enq_max = dgram_sz + TLSO_CTRL_BYTES;
+ if (svm_fifo_max_enqueue_prod (us->tx_fifo) < enq_max ||
+ svm_fifo_provision_chunks (us->tx_fifo, 0, 0, enq_max))
{
svm_fifo_add_want_deq_ntf (us->tx_fifo, SVM_FIFO_WANT_DEQ_NOTIF);
transport_connection_deschedule (&ctx->connection);