Re: Bug+Patch: mod_ssl 2.8.22 ssl_io_suck() timeout handling

Re: Bug+Patch: mod_ssl 2.8.22 ssl_io_suck() timeout handling

am 06.07.2005 10:17:21 von rse

On Mon, Jun 27, 2005, Douglas K. Fischer wrote:

> In debugging a number of issues we encountered on some of our web
> platforms, I discovered that the "presucking" routine in mod_ssl
> handles the timeout of pre-sucking the POST data in such a manner that
> the entire POST body must be read within the Timeout value (per the
> Apache conf). This seems contrary to the handling of POST reading,
> especially per mod_perl's handling of this, as well as the manner in
> which Apache handles writing of data. In both of these cases a call to
> ap_reset_timeout() is used in between successful reads/writes to reset
> the timeout. This allows a large and/or slow transfer to succeed,
> provided that data is read/written at such a pace that some chunk is
> sent/received within the Timeout value. Without such a reset, either
> the Apache Timeout value has to be set to a very high number, or else
> slow/large transfers will always fail if a pre-suck is required.
>
> Correcting this requires a simple 1-line patch to ssl_engine_io.c,
> listed below.
>
> ------------------------------------------------------------ --------------
> diff -Pur mod_ssl-2.8.22-1.3.33.orig/pkg.sslmod/ssl_engine_io.c
> mod_ssl-2.8.22-1.3.33/pkg.sslmod/ssl_engine_io.c
> --- mod_ssl-2.8.22-1.3.33.orig/pkg.sslmod/ssl_engine_io.c Sat
> Jul 17 02:52:22 2004
> +++ mod_ssl-2.8.22-1.3.33/pkg.sslmod/ssl_engine_io.c Mon Jun 27
> 12:32:10 2005
> @@ -228,6 +228,7 @@
> ~ while ((len = ap_get_client_block(r, buf, buflen)) > 0) {
> ~ ssl_io_suck_record(r, buf, len);
> ~ sucked += len;
> + ap_reset_timeout(r);
> ~ }
> ~ ssl_io_suck_end(r);
> ~ ap_kill_timeout(r);
> ------------------------------------------------------------ --------------

Ok, finally taken over for inclusion into mod_ssl 2.8.23.
Thanks for your feedback.

Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org