If a renegotiation is required for the location, and the request * includes a message body (and the client has not requested a "100 * Continue" response), then the client will be streaming the request * body over the wire already. In that case, it is not possible to * stop and perform a new SSL handshake immediately; once the SSL * library moves to the "accept" state, it will reject the SSL
| 78 | * error code on failure. |
| 79 | */ |
| 80 | static int fill_reneg_buffer(request_rec *r, SSLDirConfigRec *dc) |
| 81 | { |
| 82 | int rv; |
| 83 | apr_size_t rsize; |
| 84 | |
| 85 | /* ### this is HTTP/1.1 specific, special case for protocol? */ |
| 86 | if (r->expecting_100 || !ap_request_has_body(r)) { |
| 87 | return 0; |
| 88 | } |
| 89 | |
| 90 | rsize = dc->nRenegBufferSize == UNSET ? DEFAULT_RENEG_BUFFER_SIZE : dc->nRenegBufferSize; |
| 91 | if (rsize > 0) { |
| 92 | /* Fill the I/O buffer with the request body if possible. */ |
| 93 | rv = ssl_io_buffer_fill(r, rsize); |
| 94 | } |
| 95 | else { |
| 96 | /* If the reneg buffer size is set to zero, just fail. */ |
| 97 | rv = HTTP_REQUEST_ENTITY_TOO_LARGE; |
| 98 | } |
| 99 | |
| 100 | return rv; |
| 101 | } |
| 102 | |
| 103 | #ifdef HAVE_TLSEXT |
| 104 | /* Check whether a transition from vhost sc1 to sc2 from SNI to Host: |
no test coverage detected