John,
Tell me what version of OpenSSL you're running.
thanks,
/s.
On Jul 15, 2009, at 5:26 PM, John Caruso wrote:
We've run into a bug with AOLserver 4.5.1 / nsopenssl 3.0beta26.
The bug is fully documented here:
https://sourceforge.net/tracker/?func=detail&aid=2822117&group_id=3152&atid=103152
But the short version is that when using the nsopenssl client-side
routines (e.g. ns_httpsget), the result may be truncated if the
client starts reading before all of the data has been received.
This bug ONLY occurs with an AOLserver client (any version) running
against an AOLserver 4 / nsopenssl 3.0beta26 server. We've
reproduced the bug on RHEL4, RHEL5, and Mac OS X.
The bug is easily demonstrated by copying the file I've attached to
this message (sslbug.tcl) to the top-level context of a web server
running AOLserver 4.x/nsopenssl 3.0beta26 and then navigating to https://
<server>/sslbug.tcl. If you comment out the ns_httpsget and use
ns_httpget instead, you'll see that the bug disappears.
We've done a lot of instrumenting of nsopenssl/AOLserver, but
haven't been able to track down the root cause. It seems likely
that it's related to data buffering, which seems like it would be
occurring within AOLserver or Tcl...but the issue is definitely
specific to SSL, which implies that it's something in nsopenssl
3.0beta26.
Does anyone have any idea what might be causing this problem?
- John
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com
> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the
Subject: field of your email blank.<sslbug.tcl>
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to
<lists...@listserv.aol.com> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject:
field of your email blank.