httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kamesh Jayachandran <kam...@collab.net>
Subject Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12
Date Wed, 21 Oct 2009 13:33:02 GMT
Hi All,

We observe one strange error since exhibited in combination with 
SVN(with bulk import having more than 20k files).

Original posting is at
http://subversion.tigris.org/ds/viewMessage.do?dsMessageId=2379671&dsForumId=462


The problem exists even in httpd-2.2.13 and httpd-2.2.14.

We get errors like the following

svn: PUT of '/svn/svntest/!svn/wrk/fca6bd35-b260-7942-8f52-bcf3dcdfd734/abc/trunk/publish/q/xyz.gz':
SSL negotiation failed: SSL error:
  parse tlsext (https://hostname  <https://cu097.cubit.maa.collab.net>)




It happens only with windows client, server can be linux or win32.

I could manage to get the stack trace of apache child(in apache-2.2.13) 
when this error occurs.


**
	

<stack trace of apache 2.2.13 when we get this tlsext parse error>
#0  ssl_filter_io_shutdown (filter_ctx=0xa07b910, c=0xa07b350, abortive=1)
     at /home/kamesh/Download/httpd-2.2.13/modules/ssl/ssl_engine_io.c:976
#1  0x0038d5eb in ssl_io_filter_connect (filter_ctx=0xa07b910)
     at /home/kamesh/Download/httpd-2.2.13/modules/ssl/ssl_engine_io.c:1146
#2  0x0038dc1d in ssl_io_filter_input (f=0xa08c898, bb=0xa0d2ac8, mode=AP_MODE_GETLINE, block=APR_BLOCK_READ,
readbytes=0)
     at /home/kamesh/Download/httpd-2.2.13/modules/ssl/ssl_engine_io.c:1336
#3  0x08086af9 in ap_get_brigade (next=0xa08c898, bb=0xa0d2ac8, mode=AP_MODE_GETLINE, block=APR_BLOCK_READ,
readbytes=0)
     at /home/kamesh/Download/httpd-2.2.13/server/util_filter.c:489
#4  0x0806b274 in ap_rgetline_core (s=0xa0d1c78, n=8192, read=0xbf837c14, r=0xa0d1c60, fold=0,
bb=0xa0d2ac8)
     at /home/kamesh/Download/httpd-2.2.13/server/protocol.c:231
#5  0x0806b943 in read_request_line (r=0xa0d1c60, bb=0xa0d2ac8) at /home/kamesh/Download/httpd-2.2.13/server/protocol.c:596
#6  0x0806c299 in ap_read_request (conn=0xa07b350) at /home/kamesh/Download/httpd-2.2.13/server/protocol.c:891
#7  0x0808726e in ap_process_http_connection (c=0xa07b350)
     at /home/kamesh/Download/httpd-2.2.13/modules/http/http_core.c:183
#8  0x08082c73 in ap_run_process_connection (c=0xa07b350) at /home/kamesh/Download/httpd-2.2.13/server/connection.c:43
#9  0x08083053 in ap_process_connection (c=0xa07b350, csd=0xa07b1b8)
     at /home/kamesh/Download/httpd-2.2.13/server/connection.c:178
#10 0x080901df in child_main (child_num_arg=0) at /home/kamesh/Download/httpd-2.2.13/server/mpm/prefork/prefork.c:662
#11 0x080903ca in make_child (s=0x9f70fa0, slot=0) at /home/kamesh/Download/httpd-2.2.13/server/mpm/prefork/prefork.c:758
#12 0x08090424 in startup_children (number_to_start=1)
     at /home/kamesh/Download/httpd-2.2.13/server/mpm/prefork/prefork.c:776
#13 0x080908c8 in ap_mpm_run (_pconf=0x9f6f0a8, plog=0x9f9d160, s=0x9f70fa0)
     at /home/kamesh/Download/httpd-2.2.13/server/mpm/prefork/prefork.c:997
#14 0x08064bb8 in main (argc=3, argv=0xbf837fe4) at /home/kamesh/Download/httpd-2.2.13/server/main.c:740
</snip>




**
	

<snip from error log while this error happened last week>
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 5/5 bytes from BIO#8494dd0
[mem: 835bb00] (BIO dump follows)
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1791): +-------------------------------------------------------------------------+
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1830): | 0000: 15 03 01 00 02         
                         .....            |
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1836): +-------------------------------------------------------------------------+
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 2/2 bytes from BIO#8494dd0
[mem: 835bb05] (BIO dump follows)
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1791): +-------------------------------------------------------------------------+
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1830): | 0000: 02 32                  
                         .2               |
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1836): +-------------------------------------------------------------------------+
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_kernel.c(1888): OpenSSL: Read: SSLv3 read client
certificate A
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_kernel.c(1907): OpenSSL: Exit: failed in SSLv3
read client certificate A
[Sat Oct 10 20:41:18 2009] [info] [client IP] SSL library error 1 in handshake (server hostname:443)
[Sat Oct 10 20:41:18 2009] [info] SSL Library Error: 336151578 error:1409441A:SSL routines:SSL3_READ_BYTES:tlsv1
alert decode error
[Sat Oct 10 20:41:18 2009] [info] [client IP] Connection closed to child 5 with abortive shutdown
(server hostname:443)
</snip>

       



I could not isolate this issue to openssl versions as it happens with 
openssl-0.9.8k, openssl-0.9.8g, openssl-0.9.8-b

When I built the server against openssl-1.0.0-beta3, I could *not* 
access svn at all using svn client while I could access the same via 
browser.

Any clues?

With regards

Kamesh Jayachandran

Mime
View raw message