Hi,

It's been a while since I played with the Apache code, and it'll be nice if
somebody can help me here.

I put some debug statements in the ssl_engine_io.c - in bio_filter_out_write() and
bio_filter_in_read() to see if the alert message is actually being sent, and got the
following output:

bio_filter_out_write: trying to write inl: 900 (length 0 blen 0)
bio_filter_out_write: buffering data (NO WRITE YET)
bio_filter_out_flush: trying to flush blen: 900
bio_filter_out_write: trying to write inl: 67 (length 0 blen 0)
bio_filter_out_write: buffering data (NO WRITE YET)
bio_filter_out_flush: trying to flush blen: 67
(70014)End of file found: bio_filter_in_read: got EOF - returning -1 (at the end)
(70014)End of file found: SSL input filter read failed.
------>> Does the socket fd get closed at this point?
bio_filter_out_write: trying to write inl: 23 (length 0 blen 0)
bio_filter_out_write: buffering data (NO WRITE YET)
------>> This is the close notify message that SSL_set_shutdown() was trying to send -
but it never gets sent because the message is buffered. Maybe we need to revisit the
logic of bio_filter_out_write()?
Connection to child 0 closed with standard shutdown(server lugia.cup.hp.com:443,
client 15.0.70.188)

I tried changing the logic in bio_filter_out_write() to send the data as it comes
(instead of buffering it, and forcing through flush) - but when we try to send the
close notify message, we get the error "Bad file number" => which means that the
socket got closed before SSL_shutdown was issued?

-Madhu

>-----Original Message-----
>From: Mathihalli, Madhusudan
>Sent: Wednesday, February 04, 2004 6:08 PM
>To: [EMAIL PROTECTED]
>Subject: RE: mod_ssl not sending Alert upon close ?
>
>
>
>>-----Original Message-----
>>From: Geoff Thorpe [mailto:[EMAIL PROTECTED]
>>Sent: Wednesday, February 04, 2004 5:56 PM
>>To: [EMAIL PROTECTED]
>>Cc: Mathihalli, Madhusudan
>>Subject: Re: mod_ssl not sending Alert upon close ?
>>
>>
>>On February 4, 2004 04:39 pm, Mathihalli, Madhusudan wrote:
>>> Hi,
>>> I was playing with ssldump for the data transferred b/w browser and
>>> Apache (2.0.48) - and realized that the Apache2 (+ mod_ssl) does not
>>> send the Alert message to the client before closing the connection.
>>
>>Funnily enough, I was just stewing on a similar problem with openssl's
>>builtin "s_server" application - in that case, the braindamage is in
>>s_server.c's use of "SSL_CTX_set_quiet_shutdown(ctx,1)". Perhaps apache2
>>is doing the same thing?
>>
>
>I don't think that's the case - apache2 is NOT doing
>quiet_shutdown. When I enabled logging of wbio, it appears
>that it's sending the close notify - but the client doesn't see it.
>
>I'm suspecting if we have to flush manually after doing a
>SSL_set_shutdown(), because there's some special logic in
>bio_filter_out_write().
>
>-Madhu
>
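
The buffering behaviour described in the message above, as an added example that is not part of the original thread and is not mod_ssl's code: a simplified C model in which writes are only buffered and bytes reach the socket on flush. The names model_out_write, model_out_flush, run_shutdown and flush_after_close and the fake socket are assumptions; the 900/67/23 byte sizes come from the debug output.

```c
#include <errno.h>
#include <stdio.h>
/* Simplified model (assumption, not mod_ssl code): writes are only buffered;
 * bytes reach the fake socket when the filter is flushed. */
struct conn {
    int    sock_open;  /* 1 while the fake socket is open */
    size_t blen;       /* bytes held in the filter buffer */
    size_t wire;       /* bytes that actually reached the peer */
};
static void model_out_write(struct conn *c, size_t inl) { c->blen += inl; }

/* Fails with EBADF ("Bad file number") once the socket is closed. */
static int model_out_flush(struct conn *c)
{
    if (!c->sock_open) { errno = EBADF; return -1; }
    c->wire += c->blen;
    c->blen = 0;
    return 0;
}

/* Replays the write sizes from the debug output (900, 67, then the 23-byte close
 * notify). Returns bytes the peer got; *stranded is what stayed buffered. */
static size_t run_shutdown(int flush_alert, size_t *stranded)
{
    struct conn c = { 1, 0, 0 };
    model_out_write(&c, 900); model_out_flush(&c);
    model_out_write(&c, 67);  model_out_flush(&c);
    model_out_write(&c, 23);               /* close notify: buffered only */
    if (flush_alert) model_out_flush(&c);  /* explicit flush before close */
    c.sock_open = 0;                       /* connection torn down */
    *stranded = c.blen;
    return c.wire;
}

/* Flushing a pending alert after the close: returns the resulting errno. */
static int flush_after_close(void)
{
    struct conn c = { 0, 23, 0 };
    return model_out_flush(&c) == -1 ? errno : 0;
}

int main(void)
{
    size_t left, got = run_shutdown(0, &left);
    printf("no flush:   peer got %zu, stranded %zu\n", got, left);
    got = run_shutdown(1, &left);
    printf("with flush: peer got %zu, stranded %zu\n", got, left);
    printf("flush after close: errno %d\n", flush_after_close());
    return 0;
}
```

In this model the peer sees the alert only when the flush happens while the socket is still open, which is the ordering a fix on the server side has to guarantee.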