On Sat, Jun 13, 2015 at 6:06 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
> On Sat, Jun 13, 2015 at 6:51 PM, Rainer Jung <rainer.j...@kippdata.de> > wrote: > > > > any chance you can reproduce the problem with a slightly patched 2.4.14 > to > > get additional log output around the suspect code? > > > > The patch would be > > > > Index: modules/http/http_filters.c > > =================================================================== > > --- modules/http/http_filters.c (revision 1685283) > > +++ modules/http/http_filters.c (working copy) > > @@ -514,6 +514,9 @@ > > rv = parse_chunk_size(ctx, buffer, len, > > > > f->r->server->limit_req_fieldsize); > > if (rv != APR_SUCCESS) { > > + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, f->r, > > APLOGNO(99999) > > + "Error parsing chunk size, buffer > > %*.*s, limit %d", > > + len, len, buffer, > > f->r->server->limit_req_fieldsize); > > if (rv != APR_ENOSPC) { > > http_error = HTTP_BAD_REQUEST; > > } > > Hmm, it seems that the backported patch in r1684515 is not the > proposed/voted v5, where AH01590 would normally have been logged here. > Bill, looks like v4 was applied instead... Attached is the diff on > http_filter.c between the two patches. > > BTW, v5 does not address the regression encountered by Steffen either: > space(s) between the chunk-size and the CRLF which are not allowed > anymore. > This is not really RFC compliant, but I guess we have to be lenient here... > > I did not look at pr12355.t and pr43738.t yet, however those passed in > my tests, so it's probably something different. > Just in case it wasn't clear, these aren't regressions. I get them with prior releases on FreeBSD 10.1 also. I don't know if it is the Perl stack or OpenSSL or ??? that results in the consistent failure. (This FreeBSD has a significantly newer Perl stack from system packages than CentOS 7.) IIUC, Rainer has been reporting intermittent failures on various platforms for a while. > Jeff, any idea where these failures can come from? > What do -v and the logs say? > pr12355.t only: # testing : renegotiation on POST works # expected: 200 # received: 500 not ok 3 # testing : request body matches response # expected: 'hello world' # received: 'Status read failed: at /usr/local/lib/perl5/site_perl/Net/HTTP/Methods.pm line 289. # ' not ok 4 ... # testing : renegotiation on POST works # expected: 200 # received: 500 not ok 7 # testing : request body matches response # expected: 'xxxxxx... # received: 'Status read failed: at /usr/local/lib/perl5/site_perl/Net/HTTP/Methods.pm line 289. # ' not ok 8 I think this is the underlying failure I'm seeing, possibly for both testcases: Sat Jun 13 23:08:55.005710 2015] [ssl:error] [pid 3745] [client 127.0.0.1:44064] AH02261: Re-negotiation handshake failed [Sat Jun 13 23:08:55.005743 2015] [ssl:error] [pid 3745] SSL Library Error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher -- Too restrictive SSLCipherSuite or using DSA server certificate? -- Born in Roswell... married an alien... http://emptyhammock.com/