On Wed, Mar 17, 1999, Ralf S. Engelschall wrote:
> On Wed, Mar 17, 1999, Mats Josefsson wrote:
>
> > Maybe this info can help in finding a solution to the POST and/or Apache
> > hang problem.
> >
> > We are using a Java based client doing POSTs to a Apache/mod_ssl/Jserv
> > server. The client uses bothe SSL session reuse and HTTP Keep-Alive
> > (just
> > like the Netscape browser). The problems seemed to be related to the use
> > of Keep-Alive.
> >
> > At one time we experienced the following problems:
> >
> > * Apache would close the connection unexpectedly, often in the middle
> > of the (n'th) output phase. (The close notify was sent, but the
> > channel
> > was closed too early).
> >
> > * Sometimes Apache processes would hang, not responding, but using all
> > available cpu.
> >
> > I did not find out why Apache did this, but I found out how to avoid it.
> > Our client had a bug causing it to send a few bytes more than the
> > "Content-Length:" header said. Wen we fixed that, both Apache problems
> > went away.
>
> That's _VERY_ interesting. This would explain the problems and the fact why I
> cannot find the reason although I've tried to trace it down more than once now
> with s_client. Hmmm.... seems like I've to check the request Netscape sends to
> the server byte by byte... thanks for the hint.
I've today again investigated a few hours and now finally found out at least
where the problem stays: It's Apache's ``lingering close'' stuff in
combination with kept-alive connections. After I've moved the connection close
phase directly inside the lingering close code (and there after the socket
flush but before the socket close) it now works fine for me. Both Axel's
testtool CGI and the posted page1.html/page2.html example now works without
any I/O errors or hangs.
But I've still not understood why it doesn't work to wait for Netscape's SSL
finish message. According to the SSL/TLS standard it seems to be ok for a
server to only send the SSL finish message but not wait for the response of
the client. But it's interesting that Netscape doesn't send it (instead
mod_ssl would wait endless for it) while other clients do.
I've now to cleanup my changes and a POST-bugfixed 2.2.5 version should be now
possible. But 2.2.5 has to be released in combination with OpenSSL 0.9.2 (the
reason I still cannot explain), so you've to wait a few more days.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
