stv0g/libwebsockets
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

ssl: only apply restriction if nonzero for vhost

Browse source
This commit is contained in:
Andy Green 2017-04-07 20:51:44 +08:00
parent b4b3da06a1
commit ba9d639792
2 changed files with 13 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
lib/server.c
View file

@ -1729,7 +1729,9 @@ lws_http_transaction_completed(struct lws *wsi)
*/
if (wsi->vhost->use_ssl &&
wsi->context->simultaneous_ssl == wsi->context->simultaneous_ssl_restriction) {
wsi->context->simultaneous_ssl_restriction &&
wsi->context->simultaneous_ssl ==
wsi->context->simultaneous_ssl_restriction) {
lwsl_info("%s: simultaneous_ssl_restriction and nothing pipelined\n", __func__);
return 1;
}
@ -2240,7 +2242,9 @@ try_pollout:
*/
if (wsi->vhost->use_ssl &&
context->simultaneous_ssl == context->simultaneous_ssl_restriction)
context->simultaneous_ssl_restriction &&
context->simultaneous_ssl ==
context->simultaneous_ssl_restriction)
/* no... ignore it, he won't come again until we are
* below the simultaneous_ssl_restriction limit and
* POLLIN is enabled on him again

10
lib/ssl.c
View file

@ -477,7 +477,9 @@ lws_ssl_close(struct lws *wsi)
SSL_free(wsi->ssl);
wsi->ssl = NULL;
if (wsi->context->simultaneous_ssl-- == wsi->context->simultaneous_ssl_restriction)
if (wsi->context->simultaneous_ssl_restriction &&
wsi->context->simultaneous_ssl-- ==
wsi->context->simultaneous_ssl_restriction)
/* we made space and can do an accept */
lws_gate_accepts(wsi->context, 1);
@ -507,7 +509,8 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
lwsl_err("%s: leaking ssl\n", __func__);
if (accept_fd == LWS_SOCK_INVALID)
assert(0);
if (context->simultaneous_ssl >= context->simultaneous_ssl_restriction) {
if (context->simultaneous_ssl_restriction &&
context->simultaneous_ssl >= context->simultaneous_ssl_restriction) {
lwsl_notice("unable to deal with SSL connection\n");
return 1;
}
@ -522,7 +525,8 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
compatible_close(accept_fd);
goto fail;
}
if (++context->simultaneous_ssl == context->simultaneous_ssl_restriction)
if (context->simultaneous_ssl_restriction &&
++context->simultaneous_ssl == context->simultaneous_ssl_restriction)
/* that was the last allowed SSL connection */
lws_gate_accepts(context, 0);