httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: HTTPS connections lock-up with 2.4.18
Date Mon, 01 Feb 2016 11:41:55 GMT
Looks like this is "fallout" from:

    http://svn.apache.org/viewvc?view=revision&revision=1707230


> On Jan 31, 2016, at 9:41 PM, Joachim Achtzehnter <joachim@kraut.ca> wrote:
> 
> After upgrading from 2.4.12 to 2.4.18 we find that some requests for files cause a lock-up
when HTTPS is used, but not with plain HTTP. After some debugging it seems the problem is
that the mod_ssl no longer explicitly flushes the output it produced before going back to
reading a new request on the same connection.
> 
> This is a 32-bit Intel Linux platform, and by stepping through the mod_ssl output filter
in the debugger I can see that the files that cause problems are being read by Apache using
the mmap approach.
> 
> Restoring the explicit flushing from 2.4.12 gets the 2.4.18 version of mod-ssl working
for us. Here is the patch:
> 
> 
> --- ssl_engine_io.c.orig	2015-11-19 11:55:25.000000000 -0800
> +++ ssl_engine_io.c	2016-01-31 17:22:54.586227441 -0800
> @@ -466,6 +466,21 @@
>         return -1;
>     }
> 
> +    /* In theory, OpenSSL should flush as necessary, but it is known
> +     * not to do so correctly in some cases; see PR 46952.
> +     *
> +     * Historically, this flush call was performed only for an SSLv2
> +     * connection or for a proxy connection.  Calling _out_flush
> +     * should be very cheap in cases where it is unnecessary (and no
> +     * output is buffered) so the performance impact of doing it
> +     * unconditionally should be minimal.
> +     */
> +    if (bio_filter_out_flush(inctx->bio_out) < 0) {
> +        bio_filter_out_ctx_t *outctx = inctx->bio_out->ptr;
> +        inctx->rc = outctx->rc;
> +        return -1;
> +    }
> +
>     BIO_clear_retry_flags(bio);
> 
>     if (!inctx->bb) {
> 
> 
> 


Mime
View raw message