httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 16630] New: - SSL Session data not stored to the session cache
Date Fri, 31 Jan 2003 09:28:18 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16630>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16630

SSL Session data not stored to the session cache

           Summary: SSL Session data not stored to the session cache
           Product: Apache httpd-2.0
           Version: 2.0.44
          Platform: HP
        OS/Version: HP-UX
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: marjan.blatnik@gov.si


1.
For each document downloaded from an https server with client authentication, a
browser (IE 5.5, IE 6.0, Mozilla-1.2.1) asks for a private key password.

On the server side, I tested the following combinations:
 - openssl-0.9.6g
   openssl-0.9.7
 - Apache httpd-2.0.40
   Apache httpd-2.0.44
 - built-in sdbm
   gdbm 1.8.0
 - CA cert uses 2048-bits
 - server and user certs use 1024-bits
 - HP-UX 11.00: HP-UX mailhub2 B.11.00 U 9000/800 154C....

I increased LogLevel to debug, and the following lines show that the session is
not stored in dbm (sdbm or gdbm):
[Fri Jan 31 08:26:20 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process
Session Cache: request=SET status=BAD id=04547FF214...59BCE46 timeout=294s
(session caching)
[Fri Jan 31 08:26:20 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process
Session Cache: request=GET status=MISSED id=04547FF214...59E159BCE46 (session
renewal)
[Fri Jan 31 08:26:22 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process
Session Cache: request=SET status=BAD id=7A1E667FF...39E175C275EE timeout=298s
(session caching)
[Fri Jan 31 08:26:47 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process
Session Cache: request=GET status=MISSED id=7A1E667FF3...39E175C275EE (session
renewal)
[Fri Jan 31 08:26:49 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process
Session Cache: request=SET status=BAD id=3B83F5CB51...AB44344 timeout=298s
(session caching)
[Fri Jan 31 08:26:55 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process
Session Cache: request=GET status=MISSED id=3B83F5CB51...AB44344 (session renewal)

I added some debugging code to
modules/ssl/ssl_scache_dbm.c:ssl_scache_dbm_store, which shows that idlen is 32
bytes, nData (i2d_SSL_SESSION(sess, NULL)) is 1387 bytes, together 1419 bytes,
which is more than 950 bytes (the default dbm limit in
modules/ssl/ssl_scache_dbm.c:ssl_scache_dbm_store).

As a workaround, I changed
 - modules/ssl/ssl_scache_dbm.c:ssl_scache_dbm_store
   from
     if ((idlen + nData) >= 950 /* at least less than approx. 1KB */)
        return FALSE;
   to
     /* Additional debugging code (optional):
      * char logstr[501];
      * snprintf(logstr, 500, "Dbm pairsize: idlen: %d,  nData: %d,  sum: %d,  "
      *          "limit: less than 2000", idlen, nData, idlen + nData);
      * ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "%s", logstr);
      */
     if ((idlen + nData) >= 2000)
        return FALSE;
 - srclib/apr-util/dbm/sdbm/sdbm_private.h   
   from
     #define DBLKSIZ 4096
     #define PBLKSIZ 1024
     #define PAIRMAX 1008                    /* arbitrary on PBLKSIZ-N */
   to
     #define DBLKSIZ 16384
     #define PBLKSIZ 8192
     #define PAIRMAX 8008                    /* arbitrary on PBLKSIZ-N */

2. Not a bug, just for information
On upgrading from openssl-0.9.6g to openssl-0.9.7, I noticed that the
serial number attribute name in the env. variable SSL_CLIENT_S_DN changed from
SN=... to serialNumber=...

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
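
Added example (not part of the original report and not mod_ssl code): a short Python script that re-joins the hard-wrapped debug log entries in the format quoted above and lists sessions whose cache store failed (request=SET status=BAD) and whose later lookup missed (request=GET status=MISSED). The sample log and its session ids are constructed, and the OK/FOUND statuses shown for a healthy session are an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the debug-log format quoted in the report, hard-wrapped
# as in the mail. Session ids are made up; the OK/FOUND statuses for a healthy
# session are an assumption.
SAMPLE_LOG = """\
[Fri Jan 31 08:26:20 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process
Session Cache: request=SET status=BAD id=AAAA0001 timeout=294s (session caching)
[Fri Jan 31 08:26:20 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process
Session Cache: request=GET status=MISSED id=AAAA0001 (session renewal)
[Fri Jan 31 08:26:22 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process
Session Cache: request=SET status=BAD id=BBBB0002 timeout=298s (session caching)
[Fri Jan 31 08:26:47 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process
Session Cache: request=GET status=MISSED id=BBBB0002 (session
renewal)
[Fri Jan 31 08:26:49 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process
Session Cache: request=SET status=OK id=CCCC0003 timeout=300s (session caching)
[Fri Jan 31 08:26:55 2003] [debug] ssl_engine_kernel.c(1604): Inter-Process
Session Cache: request=GET status=FOUND id=CCCC0003 (session renewal)
"""

ENTRY = re.compile(r"Inter-Process Session Cache: request=(\w+) status=(\w+) id=(\S+)")

def unwrap(text):
    """Re-join hard-wrapped entries; a new entry starts with a '[' timestamp."""
    entries = []
    for line in text.splitlines():
        if line.startswith("[") or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def cache_report(text):
    """Summarise session-cache events per session id."""
    events = defaultdict(list)
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if m:
            events[m.group(3)].append(m.group(1, 2))
    # A session is "lost" when its store failed and a later lookup missed.
    lost = sorted(sid for sid, ev in events.items()
                  if ("SET", "BAD") in ev
                  and ("GET", "MISSED") in ev[ev.index(("SET", "BAD")):])
    sets = [e for ev in events.values() for e in ev if e[0] == "SET"]
    return {"lost": lost, "set_total": len(sets), "set_bad": sets.count(("SET", "BAD"))}
```

A high ratio of set_bad to set_total means clients are forced into a full handshake, including client authentication, on every connection.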

