Fixed ICE-7050: fixed WSS issue where server could stop reading requests

4 files changed, 26 insertions, 12 deletions

diff --git a/CHANGELOG-3.6.md b/CHANGELOG-3.6.md
index 8ede4eabad3..21b3cc7dcda 100644
--- a/CHANGELOG-3.6.md
+++ b/CHANGELOG-3.6.md
@@ -64,8 +64,12 @@ These are the changes since Ice 3.6.1.
 - Fixed El Capitan build issues caused by a new security feature that no longer
   exports DYLD_LIBRARY_PATH to child processes.
 
-- Fixed potential deadlock that could occur when using collocation optimization and
-  serialized server thread pools.
+- Fixed potential deadlock that could occur when using collocation optimization
+  and serialized server thread pools.
+
+- Fixed IceSSL bug that would only show up with WSS servers running on OS X
+  and Linux. The WSS server could stop reading requests if the client sent
+  multiple requests within the same SSL record.
 
 ## C# Changes
 
diff --git a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp b/cpp/src/IceSSL/OpenSSLTransceiverI.cpp
index 7503cc8c9a8..d66c5eb2781 100644
--- a/cpp/src/IceSSL/OpenSSLTransceiverI.cpp
+++ b/cpp/src/IceSSL/OpenSSLTransceiverI.cpp
@@ -440,7 +440,7 @@ IceSSL::TransceiverI::write(IceInternal::Buffer& buf)
 }
 
 IceInternal::SocketOperation
-IceSSL::TransceiverI::read(IceInternal::Buffer& buf, bool&)
+IceSSL::TransceiverI::read(IceInternal::Buffer& buf, bool& hasMoreData)
 {
     if(!_stream->isConnected())
     {
@@ -548,6 +548,11 @@ IceSSL::TransceiverI::read(IceInternal::Buffer& buf, bool&)
         }
     }
 
+    //
+    // Check if there's still buffered data to read. In this case, set hasMoreData to true.
+    //
+    hasMoreData = SSL_pending(_ssl) > 0;
+
     return IceInternal::SocketOperationNone;
 }
 
diff --git a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
index 3b532b059fc..2b4dff3ab25 100644
--- a/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
+++ b/cpp/src/IceSSL/SecureTransportTransceiverI.cpp
@@ -396,20 +396,13 @@ IceSSL::TransceiverI::write(IceInternal::Buffer& buf)
 }
 
 IceInternal::SocketOperation
-IceSSL::TransceiverI::read(IceInternal::Buffer& buf, bool&)
+IceSSL::TransceiverI::read(IceInternal::Buffer& buf, bool& hasMoreData)
 {
     if(!_stream->isConnected())
     {
         return _stream->read(buf);
     }
 
-    //
-    // Note: we don't set the hasMoreData flag in this implementation.
-    // We assume that SecureTransport doesn't read more SSL records
-    // than necessary to fill the requested data and that the sender
-    // sends Ice messages in individual SSL records.
-    //
-
     if(buf.i == buf.b.end())
     {
         return  IceInternal::SocketOperationNone;
@@ -461,6 +454,18 @@ IceSSL::TransceiverI::read(IceInternal::Buffer& buf, bool&)
             packetSize = buf.b.end() - buf.i;
         }
     }
+
+    //
+    // Check if there's still buffered data to read. In this case, set hasMoreData to true.
+    //
+    size_t buffered = 0;
+    OSStatus err = SSLGetBufferedReadSize(_ssl, &buffered);
+    if(err)
+    {
+        errno = err;
+        throw SocketException(__FILE__, __LINE__, IceInternal::getSocketErrno());
+    }
+    hasMoreData = buffered > 0;
     return IceInternal::SocketOperationNone;
 }
 
diff --git a/js/test/Ice/ami/Client.js b/js/test/Ice/ami/Client.js
index 44f4b718232..8052b8e77d3 100644
--- a/js/test/Ice/ami/Client.js
+++ b/js/test/Ice/ami/Client.js
@@ -429,7 +429,7 @@
                         return testController.resumeAdapter().then(
                             function()
                             {
-                                p.ice_ping().then(
+                                return p.ice_ping().then(
                                     function()
                                     {
                                         test(!r1.isSent() && r1.isCompleted());