bufferevent_ssl is missing evbuffer_freeze protection

[thefallentree]

libevent/bufferevent_ssl.c

Line 417 in bca2652

if (evbuffer_drain(output, n_written))

in here bufferevent_ssl is doing a evbuffer_drain without unfreezing and freezing the output . And further more, the consider_writing() return code isn't actually checked, which means if the buffer is freezed from outside , the bufferevent_ssl will repeatedly send same content over and over without draining it from the buffeer.

[thefallentree]

actually what is the protocol for freeze and unfreeze? should evbuffer be kept frozen most of the time or should it not ? It's unclear from the doc. evbuffer_sock , evbuffer_sockpari, and evbuffer_ssl does different things. evhttp also kept the buffer freezed

[azat]

Hello, thanks for the report!

It is a good idea to add freezing to SSL layer.
Can you submit a PR?

[thefallentree]

@azat : is there documentation around what freezing is intended for and the what is the right protocol here? (For example: should various layer keep buffer freezed in front at all time, and unfreezed in the tail or something else? )

[azat]

Sorry for the delay.

is there documentation around what freezing is intended for and the what is the right protocol here? (For example: should various layer keep buffer freezed in front at all time, and unfreezed in the tail or something else? )

There is not a lot of developers-related documentation (sadly), but all bufferevents implementations should follow the same patterns or describe why it is not possible. I don't see any reasons for not freeze the buffer for SSL.