Problem Report on nscgi Memory Leak:
!!! THIS IS A MAJOR BUG FOR ANYONE RUNNING CGI SCRIPTS IN AOLSERVER 3.x
!!!
This bug exists in released versions of AOLserver 3.x inclusive of
AOLserver 3.5.1 all the way back to AOLserver 3.0. Any past or current
reports of AOLserver 3.x growing in size over
This is a very useful feature that would be very helpful for new users
especially. I think it's so good, I would prefer to see it integrated
such that you trigger it with a command line flag to nsd at start time.
Many of you use other tools to perform watchdog activities, which is
great. But
As per the conversation during the AOLserver chat today, I've posted
the webdav.tcl module to my site's front page: http://scottg.net.
/s.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to [EMAIL PROTECTED] with the
body of SIGNOFF AOLSERVER in
Hi Jeremy,
you should find most of what you need at http://www.aolserver.com. Look
along the left edge for links to documentation etc. You'll specifically
want to look at ADPs (AOLserver Dynamic Pages), which you can find here:
http://aolserver.com/docs/devel/tcl/adp-overview.html
/s.
On
Peer verify means the server will request the client to send a client
SSL cert. You will rarely ever use this option, and if you're not sure
whether you need it, then you definitely don't. Most clients (i.e.
users with browsers) don't have their own personal certs. You might use
it to gain access
Scott, would you be so kind to enlighten me?
Certainly. Important parts of my test config are at the bottom of this
message. Here's how it works:
At start time, nsopenssl reads the config sections for SSL contexts and
SSL drivers. Each SSL context and each SSL driver has a unique name
within that
ns_conn close doesn't clean up the SSL part of the connection so it's
possible these errors are generated after ns_conn close, which might
leave the channel in existence but in an unknown state. reading/writing
to the channel after ns_conn close would mean bytes reach the channel
but the channel
Thanks for the feedback. I've decided to split nsopenssl into two
modules. The nsopenssl module will now be entirely focused on
AOLserver's comm-driven connections. The nshttps module will focus on
creating and using SSL connections using a Tcl API.
I've made the decision to split this effort in
On Tuesday, September 30, 2003, at 04:11 AM, Andrew Piskorski wrote:
I realize this must be awfully late in the coding to bring up, but:
Would it greatly simplify or speed up things to release a first
version of nsopenssl which works with AOLserver 4.0, but does NOT
support virtual servers in
If you have a sourceforge account, do this:
cvs -z3 -d:ext:[EMAIL PROTECTED]:/cvsroot/aolserver
co -r aolserver_v35_bp aolserver
but change 'scottg' to your username.
Otherwise, do this:
cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/aolserver login
cvs -z3 -d:pserver:[EMAIL
The text beginning at Content-Dis... should be on the next line by
itself. If the browser hasn't changed, but the server has, then there
is something on the server side that's at fault. How are you processing
the incoming files? I.e. show us the code that touches file uploads in
your ADP or Tcl
it committed to sf cvs so people can start updating the
code in one place.
Scott Goodwin wrote on 8/21/03, 3:38 PM:
As per the conversation during the AOLserver chat today, I've posted
the webdav.tcl module to my site's front page: http://scottg.net.
/s.
--
AOLserver - http://www.aolserver.com
Sorry, that should read http://scottg.net/download/webdav.tcl
/s.
On Thursday, October 9, 2003, at 09:18 PM, Scott Goodwin wrote:
It's in SourceForge CVS, but you can still get the copy from
http://scottg.net/downloads/webdav.tcl
/s.
--
AOLserver - http://www.aolserver.com/
To Remove
This kind of problem is notoriously difficult to reproduce and will
require an extensive code review on my part to identify where the
problem may be occurring. It is possible that I am doing/not doing
something in the code that is contributing to this. I'll see if I can
track down the problem, but
. What I
had to
do was to change the keepalivetimeout parameter to 0 in the nsd.tcl
file.
This disables that timeout. I believe it may have been Scott Goodwin
who
mentioned to try that. I think my original timeout was like 2
minutes, so
to recreate it I would go to a page and sit there for two
Can the person from Greenpeace who directly emailed me yesterday about
nsopenssl please resend your message. I did receive it but I simply
cannot find it in my inbox, deleted items or any other folder. Very
strange.
thanks,
/s.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from
nsopenssl 3.0 beta 10 is available on http://scottg.net. Kick the tires.
/s.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to [EMAIL PROTECTED] with the
body of SIGNOFF AOLSERVER in the email message. You can leave the Subject: field of
your
Forgot to mention that you'll have to get around the fact that
ServerPort is no longer a valid name in the config -- OpenACS will have
an issue with that.
Since you can now have multiple drivers per virtual server, and drivers
for each virtual server, you'll have to figure out a way for OpenACS to
fall.
- Original Message -
From: Scott Goodwin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 15:37
Subject: Re: [AOLSERVER] nsd and memory leaks
No, you're not being paranoid. Are you using nscgi and running CGI
scripts? If so, then you're running into this problem
compiled in. If you run into this issue, add this to your CFLAGS +=
line:
-I/usr/kerberos/include
This fix will be in the next release. Kick the tires and report any
flats.
/s.
On Jan 19, 2004, at 3:00 PM, Scott Goodwin wrote:
Attached is beta 12. Please test to see if your images issue is fixed.
I
Why are you using the same file for both your Certificates and your
list of CA Certificates to validate incoming certificates with? When a
client passes you their certificate, nsopenssl uses the CA certificates
in the CAFile to validate that client certificate. Based on what I see
below, you're
Use the CAFile param -- ignore the CADir param. Simply take all the CA
certificates you have that you want to use to validate peer
certificates with and concatenate them together into one file. The CA
certificates have to be in PEM format.
You only use them when you have PeerVerify set and you
nsoracle 2.7 is now available on SourceForge in the file downloads
area. Please look at the ChangeLog for more info. Much thanks to Jeremy
Collins, who did all the work.
/s.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to [EMAIL PROTECTED] with
On Feb 10, 2004, at 10:36 AM, [EMAIL PROTECTED] wrote:
Also, Jeff Davis of the OpenACS crew has been de facto maintainer of
the
driver - do you plan to talk to him before moving forward?
There haven't been any defacto maintainers since Jeremy and Jeff
stepped up to be co-maintainers of nsoracle
Jeremy, Jeff,
would it be possible to create a regression test suite that exercises
the functionality? It could include a simple set of SQL files to load
into the db and then run the tests against.
/s.
On Feb 10, 2004, at 1:02 PM, [EMAIL PROTECTED] wrote:
On Feb 10, 2004, at 9:36 AM, [EMAIL
Sorry I haven't responded -- very busy on a work project.
Essentially what's happening is the core driver keeps calling
nsopenssl's read function even when there's nothing ready to be read
yet. The infinite loop isn't really infinite because the connection is
still alive, but the client hasn't
When I worked at DoD I placed their root CA cert first, then the
intermediate CAs after, all concatenated into one file that I then
pointed to with ServerCAFile -- this worked fine. Ensure you don't have
any corruption of the file, as might happen if it has DOS-style line
endings.
/s.
On Feb 27,
Occurs when client doesn't send data before driver's recvwait value has
expired. Probably innocuous, specifically if keepalive is set.
/s.
On Feb 26, 2004, at 10:39 PM, Dossy wrote:
Is there any reason why seeing something like this in my server log
should cause me to be suspicious:
I've fixed the problem and will have beta 14 online once I'm able to
connect to sourceforge to commit the changes. AOLserver core code is
fine. Problem was I needed to wait on the socket if the socket was
still valid but had no bytes ready.
/s.
On Feb 27, 2004, at 1:11 PM, Scott Goodwin wrote
I'm unable to connect to SF via CVS to checkin or checkout code. Can
someone try to get something from AOLserver CVS area using their login
mode (i.e. don't use anonymous pserver access) and post here if they
can get to it?
thanks,
/s.
--
AOLserver - http://www.aolserver.com/
To Remove yourself
Problem solved; changed my env set up last week and CVS_RSH stopped
being exported.
thanks,
/s.
On Feb 29, 2004, at 7:22 AM, Dossy wrote:
On 2004.02.28, Scott Goodwin [EMAIL PROTECTED] wrote:
I'm unable to connect to SF via CVS to checkin or checkout code. Can
someone try to get something from
I've committed and tagged v3_0beta17 and it's up at scottg.net. This
should resolve problems where slow or non-responsive clients cause
nsopenssl to soak up all your CPU. Report any odd behavior to me; in
particular, look for SSL_ERROR_* messages in your log files. If you
see any, send me copies
Mac OS X also comes with uuidgen, which probably means the other BSDs
do as well. The code seems straightforward enough to turn it into a
loadable module.
I'm using a simple random sequence of characters as a session id for
visitors:
set chars
Right now you have two choices that I'm aware of: run AOLserver, or
replicate whatever part of its Tcl API you need to test with. For
example, I have several access control procs that work with IP
addresses, usernames and so on. I want regression tests on these to be
run after any changes to the
Not sure this still applies. This code section has changed
significantly in the main branch and maxpost has been replaced by
maxinput, or so it appears. Might still want to file it a as a bug on
SF as Zoran suggested (with the right AOLserver version it affects) so
we do have a record of it.
/s.
Here's the pertinent text from Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
Why am I getting errors when attempting to access certain SSL protected
Web Sites?
After installing the Internet Explorer 6.0 SP1 version of this update,
there may be intermittent failures
if there is an http
status code so that the browser would resend the request. Or I could
display an error page that suggest the user update their browser with
831167.
Any ideas on how to handle for external users would be welcome.
Thanks,
Ron Emerick
On Tue, 13 Apr 2004 09:39:04 -0400, Scott Goodwin
On Apr 13, 2004, at 2:19 PM, Tomasz Kosiak wrote:
I would certainly opt for having this. But as far as I remember from
disscussion with Piotr Szuca that may be difficult to add to AOLserver
due to current keepalive implementation.
It would probably be difficult to implement for nsopenssl and
Gustaf,
MSIE versions are riddled with problems. Ensure SSL session caching is
turned on. Looking at the sources, keepalivetimeout is the correct
parameter for AOLserver 4.x -- setting this to 0 disables keepalive
entirely.
Also, MSIE 6.x has intermittent POST problems with the behavior you
Looks like problem between RH 7.3 and OpenSSL 0.9.7d. Ensure that your
LD_LIBRARY_PATH is set appropriately to point to our compiled version
of OpenSSL libs before starting AOLserver; you might be picking up the
system's SSL libs. If that doesn't work, follow the same build
procedure using earlier
Turn on the Trace param for nsopenssl and look in the logs. I'll bet
the handshake is still failing, but because of something else. Also,
send me (directly) the relevant portion of your nsd.tcl file so I can
review your settings (remove any sensitive info).
/s.
On Apr 22, 2004, at 10:23 PM,
Thanks. Will attempt to recreate next week. I'm currently on vacation
in Florida :)
/s.
On May 10, 2004, at 11:53 PM, Torben Brosten wrote:
Scott Goodwin,
FYI,
Here is another 'assertion md_c[1] == md_count[1] failed:' with
similar
conditions that caused server to crash. (domain and ip numbers
BTW, I may be pulling down OSSWEB and stealing some code from it...do
you mind?
thanks,
/s.
On Apr 30, 2004, at 10:26 AM, Vlad Seryakov wrote:
Hi,
This is AOLserver module that implements database driver for BerkeleyDB
from www.sleepycat.com
Download
http://www.crystalballinc.com/vlad/software/
--
Torben,
excellent information -- duplicating the problem is 90% of the battle
and the info you've given here may be enough for me to do so.
thanks,
/s.
On May 2, 2004, at 12:50 AM, Torben Brosten wrote:
Scott,
Not sure if you solved this. I came across similar error conditions,
apparently
the
It's not a threading issue. AOLserver 4.x opens the listen sockets for
all comm modules including nsopenssl, and the error message is coming
from the DriverThread function in nsd/driver.c when it attempts to
start listening on the port. The reason it says nsopenssl is, well,
because that's the
://www.scottg.net/webtools/aolserver/modules/nsopenssl
?
/s.
On Jun 3, 2004, at 3:41 PM, Dossy wrote:
Sadly, I do very little with SSL and nsopenssl -- perhaps Scott Goodwin
can say something about this, if he's not too busy?
-- Dossy
On 2004.06.03, Scott Laplante [EMAIL PROTECTED] wrote:
Any advice
Hi Mike,
SSL contexts are needed for each client and each server. Multiple
clients can share the same client SSL context, and multiple servers can
share the same server SSL context, but a client cannot share a server's
SSL context and vice versa. See the notes in the nsopenssl distribution
for
This is debugging code from a prior beta. Just grab the latest CVS HEAD
for nsopenssl -- latest tag should be v3_0beta21.
/s.
On Jun 30, 2004, at 12:33 PM, Nathaniel Haggard wrote:
The webserver runs for about 6 minutes and then crashes.
The log file is full of this:
My apologies for not being more reponsive; I've been very busy at NASA
these past six months. I'm getting ready to use nsopenssl for the sites
we're building here so I'll be fixing any problems you're seeing in the
next few weeks. I suspect I'm not seeing many of the errors when my
tests are
:40 PM, Cathy Sarisky wrote:
On Tue, 10 Aug 2004, Scott Goodwin wrote:
purchased two low-end intel boxes to set up a test network and run
load
tests across ethernet; just waiting for two 200GB drives to arrive so
I...
LOL. I like your definition of low-end. Should you find yourself
with an
excess
:
No problem, Scott, glad to hear you're still at it. I hope I didn't
sound like I was complaining; I was just wanting to figure out who, if
anyone, was maintaining the module.
If I can help you sort this out, just let me know.
janine
On Aug 10, 2004, at 5:28 PM, Scott Goodwin wrote:
--
AOLserver
If you're using nsopenssl, it's possible your OpenSSL library has
been compiled with Kerberos enabled. If you can, compile a local copy
of OpenSSL without Kerberos support.
/s.
On Feb 13, 2006, at 8:56 AM, Dossy Shiobara wrote:
On 2006.02.13, Nima Mazloumi [EMAIL PROTECTED] wrote:
I got
AOLserver actually manages the connections for nsopenssl. The
nsopenssl code in question is:
if (Ns_QueueConn(sdPtr-driver, scPtr) != NS_OK) {
Ns_Log(Warning, %s: connection dropped, sdPtr-module);
(void) SockClose(scPtr);
}
nsopenssl is getting something other than NS_OK back
ms you encountered, I'll do my best to help within the time I have available./s.On Jul 22, 2006, at 8:59 PM, Scott Goodwin wrote:AOLserver actually manages the connections for nsopenssl. The nsopenssl code in question is:if (Ns_QueueConn(sdPtr-driver, scPtr) != NS_OK) { Ns_Log(Warning, "%s: connec
nsopenssl 2.x won't work with AOLserver 4.5.x.
nsopenssl-3.0beta26 is segfaulting when generating temporary 512-bit
keys. This was fixed a while back -- go grab the cvs copy of
nsopenssl from sourceforge. I just compiled it with AOLserver 4.5.0
and it runs, though it gives me an error
-g
nmont -ft /usr/local/aolserver/neumont- dev.tcl -b 127.0.0.1:80
[EMAIL PROTECTED] bin]#
On 1/22/07, Scott Goodwin [EMAIL PROTECTED] wrote:
nsopenssl 2.x won't work with AOLserver 4.5.x.
nsopenssl-3.0beta26 is segfaulting when generating temporary 512-bit
keys. This was fixed a while back
How many connections a day does your server get, and can you give me
an estimate of the rate of connection activity when the form
submission fails? Also, send me the output of 'uname -a' and the
version of OpenSSL you're using.
thanks,
/s.
On Jan 25, 2007, at 5:52 PM, Alex Kroman wrote:
on.
Linux intra 2.6.8-3-686-smp #1 SMP Thu Feb 9 07:05:39 UTC 2006 i686
GNU/Linux OpenSSL 0.9.7e
-Original Message-
From: AOLserver Discussion [mailto:[EMAIL PROTECTED] On
Behalf Of Scott Goodwin
Sent: Thursday, January 25, 2007 5:37 PM
To: AOLSERVER@LISTSERV.AOL.COM
Subject: Re: [AOLSERVER
Steve, what version of OpenSSL are you running on the site that
you're experiencing this problem on?
/s.
On Jan 26, 2007, at 3:55 AM, Steve Manning wrote:
Alex
We see this problem as well and I think its related to the system
load.
Our peak load is in October when we are averaging over
: AOLserver Discussion [mailto: [EMAIL PROTECTED] On
Behalf Of Scott Goodwin
Sent: Thursday, January 25, 2007 5:37 PM
To: AOLSERVER@LISTSERV.AOL.COM
Subject: Re: [AOLSERVER] SSL read error: bad write retry
How many connections a day does your server get, and can you give me
an estimate of the rate
-0500, Scott Goodwin wrote:
Steve, what version of OpenSSL are you running on the site that
you're experiencing this problem on?
/s.
On Jan 26, 2007, at 3:55 AM, Steve Manning wrote:
Alex
We see this problem as well and I think its related to the system
load.
Our peak load is in October when we
-0500, Scott Goodwin wrote:
Note that turning off keepalive will turn it off for non-SSL conns as
well, so if you try it, do be careful.
--
Steve Manning - Mandrake Linux 10.1 - Gnome 2.6
East Goscote - Leicester - UK +44 (0)116 260 5457
E-Mail: [EMAIL PROTECTED] - Web: www.festinalente.co.uk
AIM
I've been able to trigger this error message with AOLserver 4.0.10,
OpenSSL 0.9.8d, and nsopenssl cvs running on a gentoo linux box with
Mac's Safari as the client over my home network, though not
consistently. Safari doesn't fail to load the page the way it's been
reported that MSIE does,
At this point I'd prefer not to speculate -- much better to replicate
the problem and see it in all its dynamic glory. However, my sense is
that session caching, keepalive and other factors may make the
problem worse but are not likely to be root causes.
/s.
On Jan 29, 2007, at 6:13 PM,
nsopenssl
and if you're seeing your CPU(s) maxed out when the server hangs.
/s.
Scott Goodwin
e: [EMAIL PROTECTED]
k: 0x8CCA5533
On Jul 3, 2007, at 7:17 AM, Vlad Hociota wrote:
Hello folks.
I’m digging into this issue and thought maybe someone might
remember anything from those days
Anyone know where I might find the old ArsDigita AOLserver CVS
repositories? Preferably a later one with all the log history intact.
Reply directly to me.
thanks,
/s.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to [EMAIL PROTECTED]
Rami,
Tcl is attempting to create a new hash table entry on a hash table
that was either never created or was created but has ceased to exist
-- most likely the pointer to that hash table is null or corrupted.
This could be something in AOLserver that uses the Tcl_Hash* API.
First steps:
, Oct 28, 2008 at 7:50 PM, Scott Goodwin [EMAIL PROTECTED]
wrote:
Rami,
Tcl is attempting to create a new hash table entry on a hash table
that was either never created or was created but has ceased to exist
-- most likely the pointer to that hash table is null or corrupted.
This could
problems that the FreeBSD 32 bits doesn't give.
Regards,
Juan José
-
Juan José del Río|
(+34) 616 512 340| [EMAIL PROTECTED]
Simple Option S.L.
Tel: (+34) 951 930 122
Fax: (+34) 951 930 122
http://www.simpleoption.com
On Wed, 2008-10-29 at 06:53 -0400, Scott Goodwin wrote
Hi, Michael,
I haven't tested nsopenssl with a wildcard SSL cert but I'm assuming
it'll work as I don't think there's anything special that needs to be
done in OpenSSL. The keystore capability you're talking about is
simply a container to manage keys and certs -- it doesn't provide any
Héctor,
Try and duplicate the problem with another browser, preferably as many
other browsers as you have available. This will narrow down whether
it's an interaction problem with Firefox in particular or a general
problem. If all the other browsers have no problems yet Firefox still
this problem, Gustaf commited the fix to openacs cvs:
http://cvs.openacs.org/cvs/openacs-4/packages/xotcl-core/tcl/bgdelivery-procs.tcl?r1=1.15r2=1.16
Cheers, Héctor
El lun, 03-11-2008 a las 13:30 -0500, Scott Goodwin escribió:
Héctor,
Try and duplicate the problem with another browser
You don't actually use the conn argument's value directly. Use ns_conn
to access the connection information. For example,
set url [ns_conn url]
gets you the URL of the HTTP request.
(a totally useless example, but you get the point).
/s.
On Nov 27, 2008, at 12:33 AM, Eric Lee wrote:
I'm
I should take my time and read through the entire message -- I guess
it's rather late.
The HTTP Host information will be located in the request headers which
you can grab and put into an ns_set like this:
set headers [ns_conn headers]
You can then get the HTTP Host header with:
set
Eric,
You really should be using ns_register_filter instead of ns_return_proc.
ns_register_filter when method URLpattern myScript ?args?
proc myScript {?conn? args why} {
# Do stuff...
}
With ns_register_proc you intercept all matching URLs and *you* must
provide valid
Years ago I connected to AOLserver using nscp and when I was done I
would type 'exit' which caused AOLserver to shutdown (there's now a
special exit command created within nscp's interp that does a no-op).
There might be something similar going on here such that scanimage's
termination /
Make sure enabletclpages is set to true in nsd.tcl. By default it is
set to false, meaning that .tcl files won't run from under pageroot.
ns_section ns/server/${servername}
...
ns_param enabletclpages true ;# Parse *.tcl files in pageroot.
...
/s.
On Dec 10,
All connections should be logged as requests that came from clients
along with details on how the server responds. Some indication that
the connection was aborted should be made in the log, perhaps with a
count of how many bytes were transferred. In cases where no response
is going to be
John,
Tell me what version of OpenSSL you're running.
thanks,
/s.
On Jul 15, 2009, at 5:26 PM, John Caruso wrote:
We've run into a bug with AOLserver 4.5.1 / nsopenssl 3.0beta26.
The bug is fully documented here:
Joe did this work during last year's Tcl conference when he couldn't
get ns_odbc to compile on his Windows laptop so he could use it during
a tutorial. I'm certain he based the changes on the version of ns_odbc
in CVS at that time, and I think the changes were mostly to the build
process
The code that each connection thread runs to service a connection is wrapped
within a while loop that starts at whatever you set ns/threads - maxconns to
and counts down to zero. When it reaches 0, a connection thread exits. If
ns/threads - maxconns is set to 0, then your connection threads
Check the full path of one of your adp includes that fails with the permissions
error and ensure that the owner has read permissions on the file, and that
owner has execute perms on all directories in its path. Ownership of a file
gives ability to change perms on it, but you can still change
101 - 182 of 182 matches
Mail list logo