diff --git a/CHANGELOG.md b/CHANGELOG.md
index 19bb318d..c944ff9e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -68,7 +68,7 @@ Users may have to change how they access the system
* Added 404 return without body if neither restconf, data or streams prefix match
* Netconf: Usage of chunked framing"
* To keep existing end-of-message encoding, set `CLICON_NETCONF_BASE_CAPABILITY` to `0`
- * Added `clixon_netconf` command-line option `-0`and changed `-H` to `-1`
+ * Added `clixon_netconf` command-line option `-0` and changed `-H` to `-1`
* `-0` means dont send hello, but fix netconf base version to 0 and use EOM framing
* `-1` means dont send hello, but fix netconf base version to 1 and use chunked framing
* New `clixon-config@2022-03-21.yang` revision
@@ -112,6 +112,7 @@ Users may have to change how they access the system
### Corrected Bugs
+* Fixed: A long TLS+HTTP/2 request such as by a browser causing block of other requests.
* Fixed: [Error message seen twice in some cases](https://github.com/clicon/clixon/issues/325)
* Fixed: [if choice is declared with multiple elements or leaf-list with in a case scope , addition or updation is not happening as expected](https://github.com/clicon/clixon/issues/327)
* This includes several choice/case adjustments to follow RFC 7950 Sec 7.9 better
diff --git a/apps/restconf/restconf_native.c b/apps/restconf/restconf_native.c
index 6bdc50fb..6c7134b7 100644
--- a/apps/restconf/restconf_native.c
+++ b/apps/restconf/restconf_native.c
@@ -465,8 +465,8 @@ native_send_badrequest(clicon_handle h,
* @retval -1 Error
*/
static int
-native_clear_input(clicon_handle h,
- restconf_stream_data *sd)
+http1_native_clear_input(clicon_handle h,
+ restconf_stream_data *sd)
{
int retval = -1;
@@ -524,6 +524,7 @@ read_ssl(restconf_conn *rc,
}
retval = 0;
done:
+ clicon_debug(1, "%s %d", __FUNCTION__, retval);
return retval;
}
@@ -577,7 +578,8 @@ read_regular(restconf_conn *rc,
}
#ifdef HAVE_HTTP1
-/*! RESTCONF HTTP/1 processing after chunk of bytes read
+
+/*! Restconf HTTP/1 processing after chunk of bytes read
*
* @param[in] rc Restconf connection handle
* @param[in] buf Input buffer
@@ -588,10 +590,10 @@ read_regular(restconf_conn *rc,
* @retval 1 OK
*/
static int
-restconf_http1(restconf_conn *rc,
- char *buf,
- size_t n,
- int *readmore)
+restconf_http1_process(restconf_conn *rc,
+ char *buf,
+ size_t n,
+ int *readmore)
{
int retval = -1;
restconf_stream_data *sd;
@@ -641,7 +643,7 @@ restconf_http1(restconf_conn *rc,
else if ((ret = clixon_event_poll(rc->rc_s)) < 0)
goto done;
if (ret > 0){
- if (native_clear_input(h, sd) < 0)
+ if (http1_native_clear_input(h, sd) < 0)
goto done;
(*readmore)++;
goto ok;
@@ -790,18 +792,21 @@ restconf_http2_upgrade(restconf_conn *rc)
}
#endif /* HAVE_LIBHTTP1 */
-/*!
+/*! Restconf HTTP/2 processing after chunk of bytes read
+ * @param[in] rc Restconf connection
* @param[in] buf Input buffer
* @param[in] n Size of input buffer
+ * @param[in] n Length of data in input buffer
+ * @param[out] readmore If set, read data again, do not continue processing
* @retval -1 Error
* @retval 0 Socket closed, quit
* @retval 1 OK
*/
static int
-restconf_http2(restconf_conn *rc,
- char *buf,
- size_t n,
- int *readmore)
+restconf_http2_process(restconf_conn *rc,
+ char *buf,
+ size_t n,
+ int *readmore)
{
int retval = -1;
int ret;
@@ -823,8 +828,14 @@ restconf_http2(restconf_conn *rc,
retval = 0;
goto done;
}
- /* There may be more data frames */
- (*readmore)++;
+ /* Check if read more data frames */
+ ret = 0;
+ if (rc->rc_ssl)
+ ret = SSL_pending(rc->rc_ssl);
+ else if ((ret = clixon_event_poll(rc->rc_s)) < 0)
+ goto done;
+ if (ret > 0)
+ (*readmore)++;
}
retval = 1;
done:
@@ -891,7 +902,7 @@ restconf_connection(int s,
#ifdef HAVE_HTTP1
case HTTP_10:
case HTTP_11:
- if ((ret = restconf_http1(rc, buf, n, &readmore)) < 0)
+ if ((ret = restconf_http1_process(rc, buf, n, &readmore)) < 0)
goto done;
if (ret == 0)
goto ok;
@@ -905,12 +916,10 @@ restconf_connection(int s,
#endif /* HAVE_HTTP1 */
#ifdef HAVE_LIBNGHTTP2
case HTTP_2:
- if ((ret = restconf_http2(rc, buf, n, &readmore)) < 0)
+ if ((ret = restconf_http2_process(rc, buf, n, &readmore)) < 0)
goto done;
if (ret == 0)
goto ok;
- if (readmore)
- continue;
break;
#endif /* HAVE_LIBNGHTTP2 */
default:
diff --git a/test/test_http_data.sh b/test/test_http_data.sh
index 1e9cec07..7e766fda 100755
--- a/test/test_http_data.sh
+++ b/test/test_http_data.sh
@@ -227,11 +227,15 @@ EOF
new "WWW get http soft link"
expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/inside.html)" 0 "HTTP/$HVER 403" "Content-Type: text/html" "403 Forbidden" --not-- "Dont access this"
-
- if [ ! -f /.dockerenv ] ; then # XXX Privs dont not work on docker/alpine?
- new "WWW get http not read access"
- expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/noread.html)" 0 "HTTP/$HVER 403" "Content-Type: text/html" "403 Forbidden"
+ # Two cases where the privileges test is not run:
+ # 1) Docker in alpine for some reason
+ # 2) Restconf run explicitly as root (eg coverage)
+ if [ ! -f /.dockerenv ] ; then
+ if [[ "$clixon_restconf" != *"-r"* ]]; then
+ new "WWW get http not read access"
+ expectpart "$(curl $CURLOPTS -X GET -H 'Accept: text/html' $proto://localhost/data/noread.html)" 0 "HTTP/$HVER 403" "Content-Type: text/html" "403 Forbidden"
+ fi
fi
# Try .. Cannot get .. in path to work in curl (it seems to remove it)