- Fix that multiple dns fragments can be carried in one TLS frame.

git-svn-id: file:///svn/unbound/trunk@5043 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -2,6 +2,7 @@
 	- Fix tcp idle timeout test, for difference in the tcp reply code.
 	- Unit test for tcp request reorder and timeouts.
 	- Unit tests for ssl out of order processing.
+	- Fix that multiple dns fragments can be carried in one TLS frame.
 
 17 January 2018: Wouter
 	- For caps-for-id fallback, use the whitelist to avoid timeout

services/listen_dnsport.c

@@ -1620,6 +1620,10 @@ tcp_req_info_setup_listen(struct tcp_req_info* req)
 		req->cp->tcp_is_reading = 1;
 		comm_point_start_listening(req->cp, -1,
 			req->cp->tcp_timeout_msec);
+		/* and also read it (from SSL stack buffers), so
+		 * no event read event is expected since the remainder of
+		 * the TLS frame is sitting in the buffers. */
+		req->read_again = 1;
 	} else {
 		comm_point_start_listening(req->cp, -1,
 			req->cp->tcp_timeout_msec);

services/listen_dnsport.h

@@ -258,6 +258,8 @@ struct tcp_req_info {
 	int is_reply;
 	/** read channel has closed, just write pending results */
 	int read_is_closed;
+	/** read again */
+	int read_again;
 	/** number of outstanding requests */
 	int num_open_req;
 	/** list of outstanding requests */

util/netevent.c

@@ -1353,6 +1353,17 @@ ssl_handle_write(struct comm_point* c)
 static int
 ssl_handle_it(struct comm_point* c)
 {
+	if(c->tcp_req_info) {
+		do {
+			int r;
+			c->tcp_req_info->read_again = 0;
+			if(c->tcp_is_reading)
+				r = ssl_handle_read(c);
+			else r = ssl_handle_write(c);
+			if(!r) return r;
+		} while (c->tcp_req_info->read_again);
+		return 1;
+	}
 	if(c->tcp_is_reading)
 		return ssl_handle_read(c);
 	return ssl_handle_write(c);