httpd-dev mailing list archives

From "Mathihalli, Madhusudan" <mad...@hp.com>
Subject RE: mod_ssl not sending Alert upon close ?
Date Fri, 06 Feb 2004 15:56:49 GMT
Nope.. It didn't work that way.
 
The only way I've been able to get the Alert message on the client is by using the log_transaction
hook to do the SSL_shutdown() - it's an ugly hack.
 
The more I think about it, I feel there's a need for something like a pre-close hook OR have
the lingering_close invoke the filter code for _CONNECTION_TYPE filters.
 
-Madhu

________________________________

From: Joe Orton [mailto:jorton@redhat.com]
Sent: Fri 2/6/2004 7:03 AM
To: dev@httpd.apache.org
Subject: Re: mod_ssl not sending Alert upon close ?



On Thu, Feb 05, 2004 at 02:03:29PM -0800, Mathihalli, Madhusudan wrote:
> Okay. Here's what I think is happening: (Client => C, Server => S)

You're right, the alert is never getting sent!

> C  -> S : initiates connection
> C <-> S : handshake
> S  -> C : server sends application data
> S  -> C : server tries to read from the socket
>           -> finds nothing (0 bytes returned)
>           -> assumes transaction is completed, and starts cleanup process
>           -> closes the connection first
>           -> frees the pool, which invokes ssl_io_filter_cleanup() and in turn ssl_io_filter_shutdown()
>           -> ssl_io_filter_shutdown() tries to send 'Close notify'
>              OOPS ! The connection has already been terminated

Yes - it's too late to rely on pool cleanups to send the alert: I think
the right place to do this is when the output filter gets the EOS
bucket: the patch below fixes for my tests, can you test against MSIE?

I'm not convinced about the ordering of the flush/shutdown...

--- modules/ssl/ssl_engine_io.c 23 Jan 2004 16:50:24 -0000      1.114
+++ modules/ssl/ssl_engine_io.c 6 Feb 2004 14:55:16 -0000
@@ -1404,6 +1404,11 @@
          * These types do not require translation by OpenSSL. 
          */
         if (APR_BUCKET_IS_EOS(bucket) || APR_BUCKET_IS_FLUSH(bucket)) {
+            if (APR_BUCKET_IS_EOS(bucket)) {
+                status = ssl_filter_io_shutdown(filter_ctx, f->c, 0);
+                if (status) break;
+            }
+
             if (bio_filter_out_flush(filter_ctx->pbioWrite) < 0) {
                 status = outctx->rc;
                 break;
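
Review bot: In the new EOS block, "if (status) break;" leaves the loop before bio_filter_out_flush(filter_ctx->pbioWrite) is reached, so when ssl_filter_io_shutdown() returns an error, whatever is still buffered in the write BIO is never flushed; consider attempting the flush regardless and reporting the first error afterwards. The shutdown is also triggered by every EOS bucket with no further condition, so it is worth confirming that an EOS only reaches this filter when the connection is really ending, rather than at the end of one response on a connection that stays open. The bare 0 passed as the third argument deserves a comment saying what it selects.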


