httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: mod_ssl not sending Alert upon close ?
Date Fri, 06 Feb 2004 15:03:01 GMT
On Thu, Feb 05, 2004 at 02:03:29PM -0800, Mathihalli, Madhusudan wrote:
> Okay. here's what I think is happening : (Client => C Server -> S)

You're right, the alert is never getting sent!

> C  -> S : initiates connection
> C <-> S : handshake
> S  -> C : server sends application data
> S  -> C : server tries to read from the socket
>           -> finds nothing (0 bytes returned)
>           -> assumes transaction is completed, and starts cleanup process
>           -> closes the connection first
>           -> frees the pool, which invokes ssl_io_filter_cleanup() and inturn ssl_io_filter_shutdown()
>           -> ssl_io_filter_shutdown() tries to send 'Close notify'
>              OOPS ! The connection has already been terminated 

Yes - it's too late to rely on pool cleanups to send the alert: I think
the right place to do this is when the output filter gets the EOS
bucket: the patch below fixes for my tests, can you test against MSIE?

I'm not convinced about the ordering of the flush/shutdown...

--- modules/ssl/ssl_engine_io.c	23 Jan 2004 16:50:24 -0000	1.114
+++ modules/ssl/ssl_engine_io.c	6 Feb 2004 14:55:16 -0000
@@ -1404,6 +1404,11 @@
          * These types do not require translation by OpenSSL.  
          */
         if (APR_BUCKET_IS_EOS(bucket) || APR_BUCKET_IS_FLUSH(bucket)) {
+            if (APR_BUCKET_IS_EOS(bucket)) {
+                status = ssl_filter_io_shutdown(filter_ctx, f->c, 0);
+                if (status) break;
+            }
+
             if (bio_filter_out_flush(filter_ctx->pbioWrite) < 0) {
                 status = outctx->rc;
                 break;

Mime
View raw message