httpd-dev mailing list archives

From Kamesh Jayachandran <kam...@collab.net>
Subject Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12
Date Fri, 23 Oct 2009 14:23:53 GMT
On 10/22/2009 02:09 PM, Joe Orton wrote:
> On Thu, Oct 22, 2009 at 12:49:10PM +0530, Kamesh Jayachandran wrote:
>    
>> I tried your patch. It does *not* fix the issue.
>> One difference it makes is, triggers failure early at 20/30 files (PUT
>> requests) instead of 20k files earlier.
>>      
> Can you get a packet dump/trace from the client side?  Is there anything
> between client and server which is intercepting the SSL traffic?
> (physical/software firewall?)  It would be good to know whether this problem is
> due to the traffic becoming corrupted.
>    


Find the tcpdump while this failure occurs at 
http://www.livecipher.com/tlsext_dump/tlsext.dmp

I could not suspect the firewall as this occurs only with 
httpd-2.2.12+openssl-with-tls-ext *not* with httpd-2.2.11 or 
httpd-2.2.13+openssl-without-tls-ext.


Thanks

> There seem to be two places in OpenSSL's ssl_parse_serverhello_tlsext()
> which can send a "decode error" alert, if I am reading the code and
> following the error handling correctly.  It would be useful if you could
> use a custom OpenSSL build with an fprintf(stderr, ... ) or similar
> added before each of the "*al = SSL_AD_DECODE_ERROR;" lines in that
> function (in ssl/t1_lib.c), if you're able to try that?
>
> Regards, Joe
>
>
>    

Will try this next week as it involves building in win32 which I am not 
used to.

With regards
Kamesh Jayachandran
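
An added example, not part of the original message and not OpenSSL's code from ssl/t1_lib.c: a stand-alone check of the generic TLS extension framing (2-byte total length, then type/length/data entries) that can be run over ServerHello extension bytes taken from a capture to see which length field is inconsistent. The function name, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes for check_tlsext() (hypothetical names). */
enum { TLSEXT_OK = 0, TLSEXT_BAD_TOTAL = 1, TLSEXT_BAD_ENTRY = 2 };

/* Walk an extensions block: 2-byte total length, then repeated
 * {2-byte type, 2-byte length, data}. Returns which length check
 * failed; *off is the offset of the entry where parsing stopped. */
int check_tlsext(const unsigned char *p, size_t n, size_t *off)
{
    size_t pos = 2, total;

    *off = 0;
    if (n == 0)
        return TLSEXT_OK;               /* no extensions present */
    if (n < 2)
        return TLSEXT_BAD_TOTAL;        /* total length field truncated */
    total = ((size_t)p[0] << 8) | p[1];
    if (total != n - 2)
        return TLSEXT_BAD_TOTAL;        /* block length != bytes available */
    while (pos < n) {
        size_t len;
        *off = pos;
        if (n - pos < 4)
            return TLSEXT_BAD_ENTRY;    /* entry header truncated */
        len = ((size_t)p[pos + 2] << 8) | p[pos + 3];
        if (len > n - pos - 4)
            return TLSEXT_BAD_ENTRY;    /* entry data overruns the block */
        pos += 4 + len;
    }
    *off = pos;
    return TLSEXT_OK;
}

/* Constructed samples: empty server_name (type 0) and empty
 * session ticket (type 35) extensions, then two corrupted copies. */
static const unsigned char good[]      = {0x00,0x08, 0,0,0,0, 0,0x23,0,0};
static const unsigned char bad_total[] = {0x00,0x09, 0,0,0,0, 0,0x23,0,0};
static const unsigned char bad_entry[] = {0x00,0x08, 0,0,0,0, 0,0x23,0,5};

int main(void)
{
    size_t off;
    printf("good: %d\n", check_tlsext(good, sizeof good, &off));
    printf("bad_total: %d\n", check_tlsext(bad_total, sizeof bad_total, &off));
    printf("bad_entry: %d at offset %zu\n",
           check_tlsext(bad_entry, sizeof bad_entry, &off), off);
    return 0;
}
```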
