httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <>
Subject Re: ssl is broken
Date Wed, 03 Oct 2001 05:11:23 GMT
On Wed, Oct 03, 2001 at 12:51:09AM -0400, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
> I'm running into all sorts of filter problems. The initial client request is
> itself not received completely.. For ex., the apr_bucket_read
> (ssl_engine_io.c:218) returns 20 bytes when the client has sent 103 bytes. 
> The ssl_hook_process_connection (mod_ssl.c:360) returns with a error to read
> more (which is not being handled right now). This is a problem as the SSL
> filter expects that *all* the data sent by the client is received in one
> complete chunk..
> If I try forcing the bucket_read again (incase of a SSL_WANT_READ error),
> it's still not able to read the full data.

Whenever mod_ssl is handling the request, it needs to remove CORE_IN
and be able to match CORE_IN's functionality (i.e. handle the same
modes as CORE_IN).  This is how I would expect it to work given the
new implementation.

I would also expect that mod_ssl makes some faulty assumptions
about how the input filtering works (these same assumptions broke 
the httpd-test input filter module).  Input filters should only 
return as much data as is requested.  Everything else should remain
buffered - this is a change from before.

I will try to take a look at it tomorrow.  It will take me some
time to sift through the code.  FWIW, this is what I meant by 
mod_ssl being a quagmire - I'm not familiar with the code and 
it is substantially different in style from the rest of httpd.
There is a steep learning curve here.

Hopefully, this should give you an idea of what needs to happen - 
if you can beat me to it, great.  =)  -- justin

View raw message