From 223ee40fde947db7b5abe18ac4b91da7aee46a46 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 14 Oct 2010 10:53:26 -0400
Subject: [PATCH] Avoid spurious reads from just-created open openssl
 bufferevents

When handshaking, we listen for reads or writes from the
transport. But when we're connected, we start out with writes enabled
and reads disabled, which means we should not have the transport read
for us.
---
 bufferevent_openssl.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/bufferevent_openssl.c b/bufferevent_openssl.c
index 11fd5b8d..cee24aae 100644
--- a/bufferevent_openssl.c
+++ b/bufferevent_openssl.c
@@ -898,13 +898,13 @@ do_handshake(struct bufferevent_openssl *bev_ssl)
 		print_err(err);
 		switch (err) {
 		case SSL_ERROR_WANT_WRITE:
-			if (!bev_ssl->underlying) {		/* XXXX ???? */
+			if (!bev_ssl->underlying) {
 				stop_reading(bev_ssl);
 				return start_writing(bev_ssl);
 			}
 			return 0;
 		case SSL_ERROR_WANT_READ:
-			if (!bev_ssl->underlying) {		/* XXXX ???? */
+			if (!bev_ssl->underlying) {
 				stop_writing(bev_ssl);
 				return start_reading(bev_ssl);
 			}
@@ -1218,13 +1218,15 @@ bufferevent_openssl_new_impl(struct event_base *base,
 
 	if (underlying) {
 		bufferevent_enable(underlying, EV_READ|EV_WRITE);
-		/* XXXX ???? */
+		if (state == BUFFEREVENT_SSL_OPEN)
+			bufferevent_suspend_read(underlying,
+			    BEV_SUSPEND_FILT_READ);
 	} else {
 		bev_ssl->bev.bev.enabled = EV_READ|EV_WRITE;
 		if (bev_ssl->fd_is_set) {
-			/* XXX Is this quite right? */
-			if (event_add(&bev_ssl->bev.bev.ev_read, NULL) < 0)
-				goto err;
+			if (state != BUFFEREVENT_SSL_OPEN)
+				if (event_add(&bev_ssl->bev.bev.ev_read, NULL) < 0)
+					goto err;
 			if (event_add(&bev_ssl->bev.bev.ev_write, NULL) < 0)
 				goto err;
 		}