DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20785>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20785 ssl with mod_proxy is very unstable [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|ssl with mod_proxy is very |ssl with mod_proxy is very |unstable |unstable ------- Additional Comments From [EMAIL PROTECTED] 2003-09-11 01:13 ------- I am Katsumi Ishii. I belong to Hitachi System and Service,Inc. Sorry in strage English. I use mod_proxy and mod_ssl for reverse proxy https connection. Less than 50% of the https connetions will fail. here is my environment. OS : HP-UX 11i Apache : 2.0.47 OpenSSL : 0.9.7b and here is error log when the connections failed : +------------------------------------------------------------------------------+ [Wed Sep 10 10:18:53 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL: Handshake: start [Wed Sep 10 10:18:53 2003] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: before/connect initialization [Wed Sep 10 10:18:53 2003] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop: SSLv2/v3 write client hello A [Wed Sep 10 10:18:53 2003] [debug] ssl_engine_io.c(1484): OpenSSL: read 0/7 bytes from BIO#400db538 [mem: 40119ca8] (BIO dump follows) [Wed Sep 10 10:18:53 2003] [debug] ssl_engine_io.c(1431): +--------------------- ----------------------------------------------------+ [Wed Sep 10 10:18:53 2003] [debug] ssl_engine_io.c(1462): +--------------------- ----------------------------------------------------+ [Wed Sep 10 10:18:53 2003] [info] SSL Proxy connect failed [Wed Sep 10 10:18:53 2003] [info] Connection to child 1 closed with abortive shutdown(server www.zzbojinfo.boj.or.jp:443, client 10.253.253.134) +------------------------------------------------------------------------------+ I changed my config and tried test, but it doesn't help. Then I changed source(srclib/apr/network_io/unix/sendrecv.c) for output debug log, and I tried test. I found errno=11 in debug log. Systemcall(read) set 11[EAGAIN] in "errno". I amended source(srclib/apr/network_io/unix/sendrecv.c), then I avoided this problem. here is chaged source. +------------------------------------------------------------------------------+ *** sendrecv.c.org Fri May 30 21:50:39 2003 --- sendrecv.c Wed Sep 10 10:21:50 2003 *************** *** 109,114 **** --- 109,115 ---- { apr_ssize_t rv; apr_status_t arv; + int roopCnt; if (sock->netmask & APR_INCOMPLETE_READ) { sock->netmask &= ~APR_INCOMPLETE_READ; *************** *** 115,123 **** goto do_select; } do { rv = read(sock->socketdes, buf, (*len)); ! } while (rv == -1 && errno == EINTR); if (rv == -1 && (errno == EAGAIN || errno == EWOULDBLOCK) && apr_is_option_set(sock->netmask, APR_SO_TIMEOUT)) { --- 116,129 ---- goto do_select; } + roopCnt=0; do { rv = read(sock->socketdes, buf, (*len)); ! if (rv == -1 && (errno == EINTR || errno == EAGAIN)) { ! apr_sleep(5000); ! } ! roopCnt++; ! } while ((rv == -1 && (errno == EINTR || errno == EAGAIN)) && roopCnt < 10); if (rv == -1 && (errno == EAGAIN || errno == EWOULDBLOCK) && apr_is_option_set(sock->netmask, APR_SO_TIMEOUT)) { +------------------------------------------------------------------------------+ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
