httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46952] ssl renegotiation hangs with long ca list
Date Wed, 20 Jul 2011 16:37:55 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46952

--- Comment #23 from Puneet Ahuja <pahuja@adobe.com> 2011-07-20 16:37:55 UTC ---
Try using a fully qualified domain name as CN of the server certificate.

--Puneet

(In reply to comment #22)
> (In reply to comment #20)
> > (In reply to comment #19)
> > > I forgot: the fix for this specific issue is in 2.2.15.
> > > 
> > > If you are seeing reneg failures with 2.2.15 it is likely to be related to the
> > > fixes for CVE-2009-3555.  Please contact users@httpd.apache.org in the first
> > > instance for help diagnosing the issue.
> > I am not able to get around this problem for Apache 2.2.17 (with openssl
> > 0.9.8o), 2.2.19 (with openssl 0.9.8r) and 2.2.19 (with openssl 1.0.0d) windows
> > server for ios clients. Strangely the Linux server works fine but the windows
> > version shows the same problem with ios clients (I am able to get it working
> > for the desktop browsers, openssl -s_client and ios client with Apache on
> > linux). Could there be some issue on ios client or somehow Apache on windows is
> > not flushing data even though the openssl is forcing a flush?
> 
> Hello,
> 
> I also have that problem under Windows Server 2003 (haven't been able to test
> it on a different version/OS). I am currently with 2.2.17 (win32) and OpenSSL
> 0.9.8o and I will also test with latest stable versions.
> You're talking about data flush? Is it something that can be done manually to
> restore temporarily the services? I saw there was a patch release but it doesn't
> seem to resolve the issue. This patch is included in 2.2.17 or higher?
> 
> FYI, here's the error I have in the apache logs.
> ---
> [Fri Jun 03 13:46:45 2011] [info] Subsequent (No.100) HTTPS request received
> for child 970 (server genesys:443)
> [Fri Jun 03 13:46:45 2011] [debug] ssl_engine_io.c(1708): OpenSSL: I/O error, 5
> bytes expected to read on BIO#108da8d8 [mem: 10514300]
> [Fri Jun 03 13:46:45 2011] [info] (OS 10060)A connection attempt failed because
> the connected party did not properly respond after a period of time, or
> established connection failed because connected host has failed to respond.  :
> SSL input filter read failed.
> [Fri Jun 03 13:46:45 2011] [debug] ssl_engine_kernel.c(1749): OpenSSL: Write:
> SSL negotiation finished successfully
> [Fri Jun 03 13:46:45 2011] [info] Connection to child 956 closed with standard
> shutdown(server genesys:443, client 172.26.69.60)
> ---
> 
> Thank you.
