Hi, I was trying to setup Apache (with mod_perl and mod_ssl) on Windows ME, and I had a weird problem.
Before the problem, let me talk about more about some details. I have installed Apache from http://perl.apache.org/dist/win32-bin/. I installed the perl 5.6 version, which is perl-win32-bin.exe. THis file contains Perl 5.6 and Apache 1.3.27. It also contains mod_perl and mod_ssl. After installation I did not use the perl that the package came with. I used my ActivePerl (which is 5.6), because I already installed lots of packages there and there is no difference anyway. In my previous installation of Perl (activeperl) I had mod_perl installed, however that mod_perl was not for eapi, so I removed it and installed the one for eapi from the canadian web site. I installed mod_perl-eapi.ppd. http://theoryx5.uwinnipeg.ca/ppmpackages/ So anyway, I had mod_perl setup for perl and apache. I configured my apache so that it listens both on 443 for secure connections and 80 too. Now, let me talk about how I use mod_perl for my site. I use AuthCookieURL for authentication and authorization. What I do is essentially, get the user's name and password in a page and then authorize the user for the other pages. This works fine, until I used mod_ssl for secure connections. When I tested the apache, it works just fine for port 80. However, it doesn't work very well, on port 443. The second request to the https port crashes Apache. Now as far I as I understood the second request crashes the child process. I am not sure about the internals of Apache. What happens is that, the first request is always fine, only the second request crashes the server. The child process dies, Apache parent process creates the child process again and then everything works fine again until the next 2 requests, except of course I have to press Ok to shutdown the Apache's error box. That is the error does prevent me using Apache for secure connections. Anyway, I spent quite some time on it, and I tracked down the problem to the following. There are two problems, and let me describe how I solved the first one and how I couldn't solve the second one. The first one was that, when the user first requests a page, he/she has to login. In this phase, the AuthCookieURL module shows the custom login page. This happens by a redirection, using custom_message or something like that. I forgot its name now. Anyway, this method as you know receives a return value (in this case it is FORBIDDEN) and a messsage or a relative url. Normally it is a relative url, like /public/login.pl. This is the default way I use this module, and it normally works fine. However, in https requests the second request causes Apache crash, unless I change this method so that it actually returns the output as string. That is instead of a redirection to login.pl, I send the login page in the second argument using the custom_error method. If I make this change, Apache doesn't crash anymore. Ok, now the next step is fixing the authorization phase. Assuming that the user already supplied the correct user/password, he/she can enter to the site. However once he/she enters, the user can not make two subsequent requests without crashing the Apache. I tracked down this problem to the return value of the authorize method of AuthCookieURL. If this method returns OK, which means that the user can enter, it crashes, if the method returns DECLINED, it doesn't crash, but it certainly doesn't show anything either, cause it says "Forbidden , you don't have access" message. I couldn't fix this problem. It just seems that there is no way around this. What I found in the ssl.log is that, basically OpenSSL crashes with I/O errors. It says like expected to read 5 bytes.... The error somehow indicate to me that, maybe I added the modules in the wrong way. I have changed them, but again, it didn't work. That is I added mod_perl last, mod_ssl last and so on, but the net result was the same. Overall, the problem seem to be somewhat related with the phases. If anybody can help me to fix the problem, I would be thankful. Thanks __________________________________ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com
