RE: Apache 1.3.26 + mod_ssl 2.8.10 dumps core

2002-08-08 Thread MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)

Sorry for this blast-o-gram. I realized that the patch that I'd posted was
totally a wrong one - and did not achieve what it was meant for :-(.
(For those interested, here's something which is pretty close to what I'd
intended).

Thanks
-Madhu

diff -ru mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_io.c
apache_1.3.26/src/modules/ssl/ssl_engine_io.c
--- mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_io.cFri Aug  2 13:44:24
2002
+++ apache_1.3.26/src/modules/ssl/ssl_engine_io.c   Thu Aug  8 16:38:09
2002
@@ -346,6 +346,14 @@

 if ((ssl = ap_ctx_get(fb-ctx, ssl)) != NULL) {
 rc = SSL_read(ssl, buf, len);
+
+c = (conn_rec *)SSL_get_app_data(ssl);
+if (c-aborted) {
+ssl-rwstate = SSL_NOTHING;
+ssl_hook_CloseConnection(c);
+return -1;
+}
+
 /*
  * Simulate an EINTR in case OpenSSL wants to read more.
  * (This is usually the case when the client forces an SSL
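Review bot: c is dereferenced for the aborted test immediately after SSL_get_app_data(ssl) with no NULL check, so if no connection record was attached to this SSL object the new block itself faults. Test c for NULL before looking at aborted. The direct assignment to the rwstate member also reaches into OpenSSL's own struct; a comment stating why it has to be reset before ssl_hook_CloseConnection(c) is called would help, and the declaration of c is not visible in this hunk.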
@@ -380,6 +388,14 @@

 if ((ssl = ap_ctx_get(fb-ctx, ssl)) != NULL) {
 rc = SSL_write(ssl, buf, len);
+
+c = (conn_rec *)SSL_get_app_data(ssl);
+if (c-aborted) {
+ssl-rwstate = SSL_NOTHING;
+ssl_hook_CloseConnection(c);
+return -1;
+}
+
 /*
  * Simulate an EINTR in case OpenSSL wants to write more.
  */
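Review bot: the early return -1 in the write path leaves errno as whatever SSL_write() left behind, while the code just below deliberately simulates an EINTR, which suggests callers inspect errno after a failure. Set errno explicitly before returning so that an aborted connection is not mistaken for a retryable write. This block is also a line-for-line copy of the one added after SSL_read(); a small shared helper would keep the two in step.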
diff -ru mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_kernel.c
apache_1.3.26/src/
modules/ssl/ssl_engine_kernel.c
--- mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_kernel.cFri Aug  2
13:44
:24 2002
+++ apache_1.3.26/src/modules/ssl/ssl_engine_kernel.c   Thu Aug  8 16:19:31
2002
@@ -457,6 +457,9 @@
 if (ssl == NULL)
 return;

+if (SSL_want_read(ssl) || SSL_want_write(ssl))
+return;
+
 /*
  * First make sure that no more data is pending in Apache's BUFF,
  * because when it's (implicitly) flushed later by the ap_bclose()
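Review bot: the new early return on SSL_want_read(ssl) || SSL_want_write(ssl) skips everything below it, including the pending-data handling that the following comment describes, and nothing here says who finishes closing the SSL connection afterwards. Add a comment explaining why it is safe to bail out in those states and where the SSL object is released later. The ssl_engine_io.c hunks set rwstate to SSL_NOTHING before calling ssl_hook_CloseConnection(c); if that is there to get past this test, say so at both places.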



---


-----Original Message-----
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
[mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 04, 2002 10:08 AM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: [PATCH - Apache 1.3] Apache 1.3.26 + mod_ssl 2.8.10 dumps core


Hi,
I'm not sure whom to approach for this problem - so I'm sending it
to both the mailing lists. Here's a pretty easy way to reproduce the SEGV
that I'm experiencing (on HP-UX 11.0 / 11i)

1. Download OpenSSL 0.9.6e, Apache 1.3.26 and mod_ssl 2.8.10
2. Build and install Apache (of course with mod_ssl capability)
3. Set the Timeout to 20 secs (pl. note it's the hard timeout and not the
keepalive / SSLSessionCacheTimeout)
4. Create a simple HTML file (/opt/apache/htdocs/a.html) as follows :
   ---
   <html>
   <head><title>side_menu.htm</title></head>
   <body>
   <p></p>
   <p><a href="./10mb.pdf">pdf-test</font></a></p>
   </body>
   </html>

5. And of course, create /opt/apache/htdocs/10mb.pdf file.
6. Start Apache with SSL capability, and access the URL
https://servername/a.html (Client browser was Win2K box/IE 5.5).
7. Right click on pdf-test, and select the Save as tab. This should
bring up the Save As dialog box.
8. Don't do anything - and you'll see a SEGV in /opt/apache/logs/error_log
after about 20 secs.
Now, is this the expected behavior? I don't believe so. A closer
investigation seemed to show that mod_SSL had nothing to do with the core dump. It's
the way an aborted connection was handled.

The following patch seemed to resolve the core dump issue for me - but I
don't believe it's the correct fix. Can somebody please evaluate the patch
and let me know if it's okay? Also, I've not evaluated the side-effects of
doing such a thing.
[I don't know what's the difference b/w hard timeout and soft timeout - in
the sense where/how should it be used. It'd be great if somebody could
explain the difference]

Thanks
-Madhu

$ cvs diff http_protocol.c
Index: http_protocol.c
===
RCS file: /home/cvspublic/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.325
diff -u -r1.325 http_protocol.c
--- http_protocol.c 9 Jul 2002 15:26:26 -   1.325
+++ http_protocol.c 4 Aug 2002 16:54:45 -
@@ -2362,7 +2362,7 @@
 if (length == 0)
 return 0;

-ap_soft_timeout(send body, r);
+ap_hard_timeout(send body, r);

 while (!r-connection-aborted) {
 if ((length  0)  (total_bytes_sent + IOBUFSIZE)  length)
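Review bot: switching ap_soft_timeout to ap_hard_timeout here changes timeout handling for every response body sent through this loop, not only for SSL connections, and the while loop below still uses the connection's aborted flag as its exit condition, which is how a soft timeout is noticed. With a hard timeout the request is abandoned from the timeout handler instead of leaving the loop normally, so please document what cleans up whatever the loop has in flight at that point, or keep the soft timeout and fix the aborted-connection path instead.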
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Apache 2.039

2002-08-08 Thread EdwardSPL

Gregg Andrew wrote:

> Openssl.org
> version 0.9.6e

Do you know what is different between 0.9.6b and 0.9.6e? Because I
know there are some users who are using 0.9.6b, I think 0.9.6b is an
older version... But if I use the new version of Apache (e.g. 1.3.26),
so... is using 0.9.6e good? I failed to install 0.9.6d!

Re: Apache 2.039

2002-08-08 Thread Cliff Woolley

On Fri, 9 Aug 2002 [EMAIL PROTECTED] wrote:

> Do you know what is different between 0.9.6b and 0.9.6e

Among other things, there are important security fixes in 0.9.6e (for
remotely exploitable bugs in 0.9.6d and earlier versions).

Upgrade to 0.9.6e.

--Cliff




Re: Apache 2.039

2002-08-08 Thread EdwardSPL

Cliff Woolley wrote:

> On Fri, 9 Aug 2002 [EMAIL PROTECTED] wrote:
>
> > Do you know what is different between 0.9.6b and 0.9.6e
>
> Among other things, there are important security fixes in 0.9.6e (for
> remotely exploitable bugs in 0.9.6d and earlier versions).
>
> Upgrade to 0.9.6e.

So, do you agree that compiling and installing apache 1.3.26, php 4.2.2, MySQL
3.23.51, OpenSSL 0.9.6e and mod_ssl 2.8.10-1.3.26 is good for working
together under Linux / Unix / other OS systems?

Thanks for your help!

