hcq/oceanbase
hcq/oceanbase
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

[CP] fix the issue that encrypted login request from client will be unprocessed when sql protocl use ssl

Browse Source
This commit is contained in:
496148326@qq.com 2023-11-13 12:39:14 +00:00 committed by ob-robot
parent bbc7c2c804
commit ec5347d5ef
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
deps/oblib/src/lib/ssl/ob_ssl_config.cpp vendored
View File

@ -420,7 +420,10 @@ static SSL_CTX* ob_ssl_create_ssl_ctx(const ObSSLConfig& ssl_config)
SSL_CTX_set_options(ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
SSL_CTX_set_options(ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_read_ahead(ctx, 1);
/*set_read_ahead may cause the first application data that been sent after
* SSL handshake being unprocessed, forbid it.
*/
SSL_CTX_set_read_ahead(ctx, 0);
}
return ctx;
}

5
deps/ussl-hook/ssl/ssl_config.c vendored
View File

@ -475,7 +475,10 @@ static SSL_CTX *ob_ssl_create_ssl_ctx(const ssl_config_item_t *ssl_config, int t
SSL_CTX_set_options(ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
SSL_CTX_set_options(ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_read_ahead(ctx, 1);
/*set_read_ahead may cause the first application data that been sent after
* SSL handshake being unprocessed, forbid it.
*/
SSL_CTX_set_read_ahead(ctx, 0);
}
if (0 != ret) {
SSL_CTX_free(ctx);