Difficulties with SSL and mod_proxy

Sat, 06 Apr 2002 16:08:57 -0800 


I am having trouble with certain combinations of SSL and mod_proxy.
If I have apache 2.0 acting as an SSL enabled server, I can get it
to proxy to a remote SSL server but NOT to a remote clear text server.

So, while this configuration works:

  ProxyPass /foo/ https://otherhost/bar
  SSLProxyEngin On
  .. etc ...

This does not:

  ProxyPass /foo/ http://otherhost/bar

I seem to recall this working several releases ago.

I'm not sure where to look on this, but here are some more details:

1) Apache clearly makes the TCP connection to the downstream server
   but doesn't actualy send any data.

2) After the connection to the downstream server is made, it seems to just
   freeze waiting for input.  Here is a stacktrace taken when it has reached
   this state (this is not a segfault or anything):

0x402b00ee in __select () from /lib/i686/libc.so.6
(gdb) bt
#0  0x402b00ee in __select () from /lib/i686/libc.so.6
#1  0x40043e14 in __DTOR_END__ () at eval.c:41
#2  0x40038325 in apr_recv () at eval.c:41
#3  0x4001d256 in socket_read () at eval.c:41
#4  0x080c6f76 in core_input_filter (f=0x827ba00, b=0x827b9c0, mode=AP_MODE_READBYTES, 
block=APR_BLOCK_READ, readbytes=11) at core.c:3430
#5  0x080be000 in ap_get_brigade (next=0x827ba00, bb=0x827b9c0, 
mode=AP_MODE_READBYTES, block=APR_BLOCK_READ, readbytes=11) at util_filter.c:508
#6  0x0808adca in bio_bucket_in_read (bio=0x8227388, in=0x8281ec8 "", inl=11) at 
ssl_engine_io.c:395
#7  0x080fa95d in BIO_read () at eval.c:41
Cannot access memory at address 0xb
(gdb) up 4
#4  0x080c6f76 in core_input_filter (f=0x827ba00, b=0x827b9c0, mode=AP_MODE_READBYTES, 
block=APR_BLOCK_READ, readbytes=11) at core.c:3430
3430            rv = apr_bucket_read(e, &str, &len, block);
(gdb) print *f
$1 = {frec = 0x8195b90, ctx = 0x827b9f0, next = 0x0, r = 0x0, c = 0x823e280}


There's a little bit of wierdness here.  This is a single process httpd, not threaded.

The connection the filter is attached to is that of mod_proxy to the downstream server
which is not SUPPOSED to be SSL.  The filter stack on this connection is "ssl/tls 
filter",
then "core_in".  Since the downstream is not an SSL server, this seems incorrect.
Also, at this stage, no data has been sent to the downstream server, so waiting on 
input
from the connection doesn't make sense.

Any pointers here would be helpfull as I am not sure where to look.

-adam

Reply via email to