[jira] [Commented] (TS-1384) SSL client fails to send response to origin server

Fri, 27 Jul 2012 14:48:37 -0700 

    [ 
https://issues.apache.org/jira/browse/TS-1384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13424172#comment-13424172
 ] 

Jeremy Stashewsky commented on TS-1384:
---------------------------------------

Forcing a writeReschedule() call when the object is for a client seems to fix 
the problem, but I haven't studied the code enough to know if this is the right 
solution (it *seems* to work, though).  Going to try tidy up a patch and get 
managerial approval to do so.
                
> SSL client fails to send response to origin server
> --------------------------------------------------
>
>                 Key: TS-1384
>                 URL: https://issues.apache.org/jira/browse/TS-1384
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 3.2.0
>         Environment: OSX 10.7 and SmartOS, OpenSSL 0.9.8r, 0.9.8q and 1.0.1c 
> (although there maybe be other bugs affecting 0.9.8; could only get 1.0.1c 
> working)
>            Reporter: Jeremy Stashewsky
>
> When attempting the following request through a forward-proxy configured ATS 
> instance.
>    GET https://encrypted.example.com/ HTTP/1.1
>    Accept: text/html
> I expected a normal 200 response, but instead got a hang and eventual 502 
> hangup (generated by ATS).  The request from the client is sent over HTTP and 
> is not a CONNECT tunnel.
> It seems that at the network level the SSL handshake from ATS to the origin 
> server works fine, but that no discernible request packet is sent.  Looking 
> at the test HTTPS origin server I'm using, indeed no request arrives (and the 
> handshake seems fine).
> I dug through the code and it appears that in SSLNetVConnection::net_read_io, 
> once the ssl handshake completes, the code assumes that the logical next step 
> is to attempt to read from the socket.  While this is certainly true for an 
> HTTPS server, it is the opposite required for an HTTPS *client*.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to