At Thu, 1 Mar 2012 09:31:40 +0400, Sergey Pinaev wrote: > On Wed, 29 Feb 2012 09:20:54 -0700 > Matthew Flatt <mfl...@cs.utah.edu> wrote: > > > Neil and Timur: Thanks for detailed information about the problem. > > > > So far, I haven't managed to replicate the problem on my machine. Do > > you have any hints on how to configure Apache to trigger the problem > > or a server that I might try? > > you must access document in location, where SSLVerifyClient required: > > <Location /dir/> > SSLRequireSSL > SSLVerifyClient require > SSLVerifyDepth 10 > </Location> > > and do "GET /dir/some.file HTTP/1.0" to cause apache do connection > re-negotiation.
Ah, now I get it. If the server requires a certificate for all connections, then there's no problem. It's only when certificate verification is triggered after some communication that the problem happens. I've pushed a repair. The problem was that the `pump-output' call was too early; it needs to happen after SSL_read(), in case the SSL_read() triggers new output for the socket level. I also added support for renegotiation to the library, which makes it easier to write tests for problems exposed by renegotiation. Thanks! _________________________ Racket Developers list: http://lists.racket-lang.org/dev