From: bugzilla@apache.org
To: bugs@httpd.apache.org
Subject: DO NOT REPLY [Bug 46880] New: SSL+Client Certificates required+large POSTs cause ssl reneg to fail (sometimes)
Date: Thu, 19 Mar 2009 18:53:34 -0700 (PDT)

https://issues.apache.org/bugzilla/show_bug.cgi?id=46880

           Summary: SSL+Client Certificates required+large POSTs cause ssl reneg to fail (sometimes)
           Product: Apache httpd-2
           Version: 2.2.3
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: kgrindley@ll.mit.edu

When submitting a POST, usually a large post, sometimes the re-negotiation fails
with the following error.

[Thu Mar 19 21:35:58 2009] [info] Initial (No.1) HTTPS request received for child 0 (server locus.example.com:443)
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_kernel.c(426): Changed client verification type will force renegotiation
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_io.c(1478): [client 155.34.228.80] filling buffer
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_io.c(1800): OpenSSL: read 5/5 bytes from BIO#2aca86a7bc20 [mem: 2aca78e95010] (BIO dump follows)
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_io.c(1747): +-------------------------------------------------------------------------+
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_io.c(1772): | 0000: 17 03 01 04 40 ....@ |
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_io.c(1778): +-------------------------------------------------------------------------+
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_io.c(1800): OpenSSL: read 1088/1088 bytes from BIO#2aca86a7bc20 [mem: 2aca78e95015] (BIO dump follows)
[...snip...]
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_io.c(1529): [client 155.34.228.80] total of 4324 bytes in buffer, eos=1
[Thu Mar 19 21:35:58 2009] [info] Requesting connection re-negotiation
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_kernel.c(616): Performing full renegotiation: complete handshake protocol
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSL renegotiate ciphers
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write hello request A
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 flush data
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write hello request C
[Thu Mar 19 21:35:58 2009] [info] Awaiting re-negotiation handshake
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before accept initialization
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_io.c(1811): OpenSSL: I/O error, 5 bytes expected to read on BIO#2aca86a7bc20 [mem: 2aca78e95010]
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client hello B
[Thu Mar 19 21:35:58 2009] [error] Re-negotiation handshake failed: Not accepted by client!?
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_io.c(1572): [client 155.34.228.80] read from buffered SSL brigade, mode 0, 8192 bytes
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_io.c(1647): [client 155.34.228.80] buffered SSL brigade exhausted

Seems to fail 4 out of 5 times. Sometimes reloading will cause the reneg. to
complete and the post is passed to the CGI. Note I'm running a larger SSL reneg
buffer of 800meg.
(I need to be able to accept large posts via client certificate authentication)
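
An added triage example (not part of the bug report and not httpd code): a Python script that pairs each "Requesting connection re-negotiation" line in a mod_ssl error log with the buffered request size logged just before it and with any "Re-negotiation handshake failed" line that follows, so the failure rate can be compared against body size. It assumes debug-level log lines that are not interleaved across connections; the first three sample lines are from the report, the last two are constructed.

```python
import re

# Line shapes taken from the mod_ssl log excerpt in the report above.
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
BUFFERED = re.compile(r"\[client (?P<client>[^\]]+)\] total of (?P<n>\d+) bytes in buffer")
RENEG_START = "Requesting connection re-negotiation"
RENEG_FAIL = "Re-negotiation handshake failed"

def reneg_attempts(lines):
    """Return one dict per renegotiation attempt, in log order.
    Assumption: lines are not interleaved across connections, because the
    start and failure messages carry no client field to correlate on."""
    attempts, pending, current = [], None, None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        buf = BUFFERED.search(msg)
        if buf:  # request body buffered ahead of the renegotiation
            pending = (buf["client"], int(buf["n"]))
        elif RENEG_START in msg:
            client, size = pending or (None, None)
            current = {"time": m["ts"], "client": client,
                       "buffered_bytes": size, "failed": False}
            attempts.append(current)
            pending = None
        elif RENEG_FAIL in msg and current is not None:
            current["failed"] = True
            current["reason"] = msg.split(": ", 1)[-1]
            current = None
    return attempts

def failure_rate(attempts):
    """Fraction of renegotiation attempts that logged a handshake failure."""
    return sum(a["failed"] for a in attempts) / len(attempts) if attempts else 0.0

# First three lines are from the report; the last two are constructed.
SAMPLE = """\
[Thu Mar 19 21:35:58 2009] [debug] ssl_engine_io.c(1529): [client 155.34.228.80] total of 4324 bytes in buffer, eos=1
[Thu Mar 19 21:35:58 2009] [info] Requesting connection re-negotiation
[Thu Mar 19 21:35:58 2009] [error] Re-negotiation handshake failed: Not accepted by client!?
[Thu Mar 19 21:36:10 2009] [debug] ssl_engine_io.c(1529): [client 192.0.2.10] total of 512 bytes in buffer, eos=1
[Thu Mar 19 21:36:10 2009] [info] Requesting connection re-negotiation
""".splitlines()

if __name__ == "__main__":
    for attempt in reneg_attempts(SAMPLE):
        print(attempt)
```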