Michael H. Warfield <mhw(_at_)wittsend(_dot_)com>:
Eric, don't impliment this patch just yet.
I remember going over that stretch of code with a fine toothed
comb originally when it was still using SSLeay. I also remember pulling
my hair out for days till I got it to work correctly under a variety
of conditions.
It may have been a bug in the old code that is fixed in OpenSSL
now, but your fix might potentially cause some normal connections to
break. There was a reason for it being the way it was back then and it
was related to some dain bramaged behavior related to the SSL_peek call
(which was known to be buggy). That reason may no longer be valid, but
I want to test it out first in the environments where it originally went
break.
I'll concede that the infinite loop is a problem. But this
might not be the correct solution.
OK. I'll hold off on applying this pending your testing.
--
<a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a>