Return-Path: 
 <new-httpd-return-18191-apmail-new-httpd-archive=apache.org@apache.org>
Delivered-To: apmail-new-httpd-archive@apache.org
Received: (qmail 68412 invoked by uid 500); 31 Jul 2001 15:53:45 -0000
Mailing-List: contact new-httpd-help@apache.org; run by ezmlm
Precedence: bulk
Reply-To: new-httpd@apache.org
list-help: <mailto:new-httpd-help@apache.org>
list-unsubscribe: <mailto:new-httpd-unsubscribe@apache.org>
list-post: <mailto:new-httpd@apache.org>
Delivered-To: mailing list new-httpd@apache.org
Received: (qmail 68363 invoked from network); 31 Jul 2001 15:53:44 -0000
Message-ID: <A5374D237E78D41195810090279CC91A021EE00C@xcup04.cup.hp.com>
From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)"
 <madhusudan_mathihalli@hp.com>
To: "'new-httpd@apache.org'" <new-httpd@apache.org>
Subject: RE: [patch] Trying to cleanup SSL filter logic
Date: Tue, 31 Jul 2001 08:53:43 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N

Yup..I know it happens - the log_transaction is called after the connection
has been processed, which is after we've closed the connection (after
FLUSH()) and freed the SSL context.. 

One of the solutions is to move the freeing of the SSL context out of
CloseConnection() and perform that after the log_transaction() is called..
In the following patch, I'm trying to free the memory in the
ap_log_transaction phase - I know it ugly and just towards resolving the
symptom. But if it sounds okay, I can clean it up and propose a better
patch.

Thanks
-Madhu & Julius


Index: mod_ssl.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/mod_ssl.c,v
retrieving revision 1.12
diff -u -r1.12 mod_ssl.c
--- mod_ssl.c	2001/07/31 03:40:47	1.12
+++ mod_ssl.c	2001/07/31 15:42:13
@@ -450,6 +450,15 @@
     return DECLINED;
 }
 
+static int ssl_hook_log_transaction (request_rec *r)
+{
+    ap_log_error(APLOG_MARK,APLOG_ERR,0,NULL, "In log_transaction");
+    SSL_free((SSL *)apr_table_get(r->connection->notes, "ssl"));
+    apr_table_setn(r->connection->notes, "ssl", NULL);
+
+    return DECLINED;
+}
+
 static const char *ssl_hook_http_method (const request_rec *r)
 {
     SSLSrvConfigRec *sc = mySrvConfig(r->server);
@@ -489,6 +498,7 @@
     ap_hook_handler       (ssl_hook_Handler,       NULL,NULL,
APR_HOOK_MIDDLE);
     ap_hook_pre_config    (ssl_hook_pre_config,    NULL,NULL,
APR_HOOK_MIDDLE);
     ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL,
APR_HOOK_MIDDLE);
+
ap_hook_log_transaction(ssl_hook_log_transaction,NULL,NULL,APR_HOOK_MIDDLE);
 
 #if 0 /* XXX - Work in progress */
     ap_hook_child_init    (ssl_init_Child,         NULL,NULL,
APR_HOOK_MIDDLE);
Index: ssl_engine_kernel.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.13
diff -u -r1.13 ssl_engine_kernel.c
--- ssl_engine_kernel.c	2001/07/31 03:40:47	1.13
+++ ssl_engine_kernel.c	2001/07/31 15:42:15
@@ -463,9 +463,12 @@
             conn->id, cpType, ssl_util_vhostid(conn->pool,
conn->base_server),
             conn->remote_ip != NULL ? conn->remote_ip : "unknown");
 
+ap_log_error(APLOG_MARK,APLOG_ERR,0,NULL,"In CloseConnection");
+#if 0 /* XXX To enable log_x. Check where to free the SSL memory  - TBD */
     /* deallocate the SSL connection */
     SSL_free(ssl);
     apr_table_setn(conn->notes, "ssl", NULL);
+#endif /* XXX */
 
     return APR_SUCCESS;
 }






-----Original Message-----
From: William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net]
Sent: Monday, July 30, 2001 9:29 PM
To: new-httpd@apache.org
Subject: Re: [patch] Trying to cleanup SSL filter logic


I think we are still trying to clean up too early

ssl_engine_ext.c:179
    if (apr_table_get(r->connection->notes, "ssl") != NULL)

always fails in the logging phase.  Since we have closed and set the "ssl"
notes
back to NULL, apr_table_get doesn't distinguish between 'found, no value'
and 
'not found' :(

Bill

----- Original Message ----- 
From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)"
<madhusudan_mathihalli@hp.com>
To: <new-httpd@apache.org>
Sent: Monday, July 30, 2001 9:59 PM
Subject: RE: [patch] Trying to cleanup SSL filter logic


> I got into the same problem of keepalives.. it renegotiates everytime -
it's
> pretty ugly :-(. I still need to work on it. I was thinking of eliminating
> the APR_BLOCK_READ in churn() before trying to resolve the keepalive
> problem.. I'd rather work on the keepalive now.. 
>  
> -Madhu
> 
> 
> -----Original Message-----
> From: William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net]
> Sent: Monday, July 30, 2001 7:39 PM
> To: new-httpd@apache.org
> Subject: Re: [patch] Trying to cleanup SSL filter logic
> 
> 
> From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)"
> <madhusudan_mathihalli@hp.com>
> Sent: Monday, July 30, 2001 9:27 PM
> 
> 
> > I've tried to cleanup some of the logic in the filter processing of
> > the SSL data. The changes include :
> > - eliminated the use of ssl_log - it used to cause seg faults during
> cleanup
> > since the conn_rec will no longer be valid.
> > - eliminated the "for (;;)" processing loop in ssl_io_filter_Output() -
> > we'll have to do that in churn_output() if required, so that any
remaining
> > OpenSSL data (if available) is transferred before we call the
> > CloseConnection.
> > - Any remaining data in SSL should be cleaned up ideally in the
> > APR_BUCKET_IS_EOS() processing stage itself, as we close the SSL
> connection
> > here.
> 
> Doug and I thank you for your hard work (we are debugging the same as your
> post
> came through :)  I'll test in a minute.
> 
> Question - what happens with keepalives.  Don't we see an EOS on every
> single
> request, on the same open connection?  Do we really want to close it up
> right here?
> 
> 
>