On Friday 20 of November 2009 14:50:30 Daniel Stenberg wrote:
> I had a look at this just now. I must agree that it is funny that this
> hasn't caused pain for anyone yet. I guess one way to force this to happen
> to get tested, is if you can somehow enforce some kind of slow-down magic
> on an interface so that you get traffic byte-per-byte[*].
>
> The "correct" way of fixing this flaw is probably to make sure we implement
> a function for non-blocking connects and make sure we define
> 'curlssl_connect_nonblocking' to identify it. This is done already in the
> OpenSSL glue code so inspiration could be gotten from there.

Yep, I am going to write both (blocking and nonblocking) connection routines
for NSS as well. The patch will be probably not too large since a lot of code
will be shared by both.

> The point is quite simply to do as much as possible and not block, and it
> will get called again until it has completed and then it sets *done = TRUE
> so that the parent then happily moves on.

As it is already implemented within the OpenSSL part, I'll just look there
and try to do somewhat similar.

> [*] = some ideas on how to accomplish this include:
> http://monkey.org/~marius/pages/?page=trickle and
> http://wanem.sourceforge.net/ but I've not personally tried either one.

Thanks for the links! I haven't been aware of an easy way how to test this.
That's probably why the patch is still not waiting here for review ;-)

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-11-20