Failed uploading file to Appache HTTP Server after using SSL

Hi all,


I have setup a SunOne App server in linux and Apache HTTP Server with
Open SSL for users to access it.

When access the application and try to upload a file in one
functionality module of the application, some problems encountered:

1. If users access our server via https://.... through the web
server, it fails to upload. Backend source encountered
NullPointerException when accessing the FileItem requested.

2. But if users access our server via http://... through the web
server, there is no that problem.


Hence I think there should be something wrong with the request parsing
through https.

Any advice/clue to check where or how to solve it is greatly
appreciated. Thanks in advance.

Apache ver:
Server version: Apache/2.0.55
Server built: Apr 6 2006 11:33:34


--
--------------------------------------------------
Ken Chen
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

------=_Part_1053_27798647.1145371762498
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 4/18/06, Ken Chen wrote:
>
> 1. If users access our server via https://.... through the web
> server, it fails to upload. Backend source encountered
> NullPointerException when accessing the FileItem requested.
> 2. But if users access our server via http://... through the web
> server, there is no that problem.
> Hence I think there should be something wrong with the request parsing
> through https.
> Any advice/clue to check where or how to solve it is greatly
> appreciated. Thanks in advance.


A couple of suggestions: (1) turn on debug logging in mod_ssl... this will
give you a byte-by-byte dump of the SSL transaction in the log file. (2)
try connecting to your https server with "openssl s_client" and then issuin=
g
a GET request by hand. That can often be instructive.

--Cliff

------=_Part_1053_27798647.1145371762498
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 4/18/06, Ken Chen < o:chengusky@gmail.com">chengusky@gmail.com> wrote:

Re: Failed uploading file to Appache HTTP Server after using SSL

Hi Cliff,

Thanks for your advice.

Now seems when uploading big file has problem in ssl. When I upload a
3K image file, it's ok. But when I upload a 35K image file. It
failed.

Is there any place to set the cache/buffer? Or I have to set
SSLSessionCache and SSLSessionCacheTimeout?

By the way, I don't understand why to use openssl s_client and issue a
GET request? I am uploading file. Isn't it a POST request? Can you
have a brief sample how to test?

Thanks in advance.

Ken


On 4/18/06, Cliff Woolley wrote:
> On 4/18/06, Ken Chen wrote:
>
> > 1. If users access our server via https://.... through the web
> > server, it fails to upload. Backend source encountered
> > NullPointerException when accessing the FileItem requested.
> > 2. But if users access our server via http://... through the web
> > server, there is no that problem.
> > Hence I think there should be something wrong with the request parsing
> > through https.
> > Any advice/clue to check where or how to solve it is greatly
> > appreciated. Thanks in advance.
>
>
> A couple of suggestions: (1) turn on debug logging in mod_ssl... this wil=
l
> give you a byte-by-byte dump of the SSL transaction in the log file. (2)
> try connecting to your https server with "openssl s_client" and then issu=
ing
> a GET request by hand. That can often be instructive.
>
> --Cliff


--
--------------------------------------------------
Ken Chen
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

------=_Part_4826_9028194.1145451945998
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 4/19/06, Ken Chen wrote:
>
> Now seems when uploading big file has problem in ssl. When I upload a
> 3K image file, it's ok. But when I upload a 35K image file. It
> failed.


Ah, I see.


Is there any place to set the cache/buffer? Or I have to set
> SSLSessionCache and SSLSessionCacheTimeout?


You should set the session cache anyway (failing to do so will result in a
major drop in performance), but this should have no effect on the particula=
r
problem you're describing.


> By the way, I don't understand why to use openssl s_client and issue a
> GET request? I am uploading file. Isn't it a POST request? Can you
> have a brief sample how to test?


It was unclear to me from your original message that *any* https was
working, so I was trying to just give you the most basic test to try. I
didn't realize you could upload small files successfully.

Did you turn on the ssl debug log and look at the spot in the large file
upload where it failed?

--Cliff

------=_Part_4826_9028194.1145451945998
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 4/19/06, Ken Chen < o:chengusky@gmail.com">chengusky@gmail.com> wrote:

Re: Failed uploading file to Appache HTTP Server after using SSL

Hi, Cliff,

The below is the error in ssl-error_log when I am trying to save a large im=
age:
[Thu Apr 20 16:55:36 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
error, 5 bytes expected to read on BIO#81f94a8 [mem: 81f9640]
[Thu Apr 20 16:55:36 2006] [info] (70007)The timeout specified has
expired: SSL input filter read failed.
[Thu Apr 20 16:55:36 2006] [debug] ssl_engine_kernel.c(1794): OpenSSL:
Write: SSL negotiation finished successfully
[Thu Apr 20 16:55:36 2006] [info] Connection to child 4 closed with
standard shutdown(server 192.168.2.130:443, client 192.168.2.199)
[Thu Apr 20 16:55:36 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
error, 5 bytes expected to read on BIO#81df970 [mem: 81eaf30]
[Thu Apr 20 16:55:36 2006] [info] (70007)The timeout specified has
expired: SSL input filter read failed.
[Thu Apr 20 16:55:36 2006] [debug] ssl_engine_kernel.c(1794): OpenSSL:
Write: SSL negotiation finished successfully
[Thu Apr 20 16:55:36 2006] [info] Connection to child 7 closed with
standard shutdown(server 192.168.2.130:443, client 192.168.2.199)

Ken


On 4/19/06, Cliff Woolley wrote:
> On 4/19/06, Ken Chen wrote:
>
> > Now seems when uploading big file has problem in ssl. When I upload a
> > 3K image file, it's ok. But when I upload a 35K image file. It
> > failed.
>
>
> Ah, I see.
>
>
> > Is there any place to set the cache/buffer? Or I have to set
> > SSLSessionCache and SSLSessionCacheTimeout?
>
>
> You should set the session cache anyway (failing to do so will result in =
a
> major drop in performance), but this should have no effect on the particu=
lar
> problem you're describing.
>
> > By the way, I don't understand why to use openssl s_client and issue a
> > GET request? I am uploading file. Isn't it a POST request? Can you
> > have a brief sample how to test?
>
>
> It was unclear to me from your original message that *any* https was
> working, so I was trying to just give you the most basic test to try. I
> didn't realize you could upload small files successfully.
>
> Did you turn on the ssl debug log and look at the spot in the large file
> upload where it failed?
>
> --Cliff
>


--
--------------------------------------------------
Ken Chen
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

part of the log when I try to upload 2nd time:
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1512): OpenSSL:
read 335/335 bytes from BIO#81d53d8 [mem: 81eeefd] (BIO dump follows)
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1459):
+----------------------------------------------------------- --------------+
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0000: f9
9e 30 db e4 11 38 bd-41 8a 99 e8 f1 24 18 31 ..0...8.A....$.1 |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0010: 18
99 3b a2 03 26 23 e3-c1 a1 d3 73 22 09 63 e8 ..;..&#....s".c. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0020: 91
1f f2 48 1b 80 a6 fd-45 5d 11 27 ce 42 ac 74 ...H....E].'.B.t |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0030: dc
29 9c 4e 9a 23 02 cb-d4 1e 5a 72 ab 6c d9 df .).N.#....Zr.l.. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0040: 9e
f8 34 45 cb 31 30 47-8a 50 a3 a3 38 e7 2b b8 ..4E.10G.P..8.+. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0050: 6b
56 dd ee 82 3c 21 01-49 9e e9 e0 fd 82 48 34 kV... [Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0060: 94
f3 73 c5 20 2a 0a 38-98 98 c4 4c a5 91 a3 f1 ..s. *.8...L.... |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0070: e7
09 74 a5 c3 b7 5f 92-94 68 60 6e e5 86 7c 23 ..t..._..h`n..|# |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0080: 8e
7f 37 02 a2 e5 bc 70-92 a6 78 cb 74 07 ff 99 ..7....p..x.t... |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0090: 4f
78 af b8 85 97 3e 37-27 b1 4f c2 94 df dd 7f Ox....>7'.O..... |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 00a0: c2
af b7 1a b1 9a e1 bb-a3 0c 61 3f 05 57 53 17 ..........a?.WS. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 00b0: 2c
b6 f2 32 5f c1 8b 35-32 7d d1 bf dd 49 9c 4a ,..2_..52}...I.J |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 00c0: 28
9b cb cc 46 4e 5c 5e-ef 7e 8e 43 b4 76 39 14 (...FN\\^.~.C.v9. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 00d0: 6e
2c d0 fd fa 08 c9 73-0f df b8 c4 14 c4 69 4e n,.....s......iN |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 00e0: fa
0f 0e 49 29 fd 4f cc-1d f1 56 51 bf aa 09 9b ...I).O...VQ.... |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 00f0: 5d
6f b5 84 b5 78 07 49-d9 b4 17 5f 22 24 9c 26 ]o...x.I..._"$.& |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0100: 30
ab 32 26 b5 5e f4 b2-4e 82 1b 5f 3e 91 df 25 0.2&.^..N.._>..% |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0110: 00
54 86 cb 0d 2f a3 8d-46 e2 c6 7a 8e 2e 23 9a .T.../..F..z..#. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0120: 99
8c ca a5 1a 4e 4f ed-4f 65 d2 46 17 a7 06 07 .....NO.Oe.F.... |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0130: d6
83 9a db 0c 78 24 d4-eb 62 02 74 a9 e7 5c b5 .....x$..b.t..\\. |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1484): | 0140: f7
0e 16 f1 86 2c b7 45-96 65 77 6b ce dc 2e .....,.E.ewk... |
[Thu Apr 20 17:04:31 2006] [debug] ssl_engine_io.c(1490):
+----------------------------------------------------------- --------------+
[Thu Apr 20 17:04:31 2006] [info] Subsequent (No.3) HTTPS request
received for child 1 (server 192.168.2.130:443)
[Thu Apr 20 17:04:46 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
error, 5 bytes expected to read on BIO#81d53d8 [mem: 81eeef8]
[Thu Apr 20 17:04:46 2006] [info] (70007)The timeout specified has
expired: SSL input filter read failed.
[Thu Apr 20 17:04:46 2006] [debug] ssl_engine_kernel.c(1794): OpenSSL:
Write: SSL negotiation finished successfully
[Thu Apr 20 17:04:46 2006] [info] Connection to child 1 closed with
standard shutdown(server 192.168.2.130:443, client 192.168.2.199)

On 4/20/06, Ken Chen wrote:
> Hi, Cliff,
>
> The below is the error in ssl-error_log when I am trying to save a large =
image:
> [Thu Apr 20 16:55:36 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
> error, 5 bytes expected to read on BIO#81f94a8 [mem: 81f9640]
> [Thu Apr 20 16:55:36 2006] [info] (70007)The timeout specified has
> expired: SSL input filter read failed.
> [Thu Apr 20 16:55:36 2006] [debug] ssl_engine_kernel.c(1794): OpenSSL:
> Write: SSL negotiation finished successfully
> [Thu Apr 20 16:55:36 2006] [info] Connection to child 4 closed with
> standard shutdown(server 192.168.2.130:443, client 192.168.2.199)
> [Thu Apr 20 16:55:36 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
> error, 5 bytes expected to read on BIO#81df970 [mem: 81eaf30]
> [Thu Apr 20 16:55:36 2006] [info] (70007)The timeout specified has
> expired: SSL input filter read failed.
> [Thu Apr 20 16:55:36 2006] [debug] ssl_engine_kernel.c(1794): OpenSSL:
> Write: SSL negotiation finished successfully
> [Thu Apr 20 16:55:36 2006] [info] Connection to child 7 closed with
> standard shutdown(server 192.168.2.130:443, client 192.168.2.199)
>
> Ken
>
>
> On 4/19/06, Cliff Woolley wrote:
> > On 4/19/06, Ken Chen wrote:
> >
> > > Now seems when uploading big file has problem in ssl. When I upload =
a
> > > 3K image file, it's ok. But when I upload a 35K image file. It
> > > failed.
> >
> >
> > Ah, I see.
> >
> >
> > > Is there any place to set the cache/buffer? Or I have to set
> > > SSLSessionCache and SSLSessionCacheTimeout?
> >
> >
> > You should set the session cache anyway (failing to do so will result i=
n a
> > major drop in performance), but this should have no effect on the parti=
cular
> > problem you're describing.
> >
> > > By the way, I don't understand why to use openssl s_client and issue =
a
> > > GET request? I am uploading file. Isn't it a POST request? Can you
> > > have a brief sample how to test?
> >
> >
> > It was unclear to me from your original message that *any* https was
> > working, so I was trying to just give you the most basic test to try. =
I
> > didn't realize you could upload small files successfully.
> >
> > Did you turn on the ssl debug log and look at the spot in the large fil=
e
> > upload where it failed?
> >
> > --Cliff
> >
>
>
> --
> --------------------------------------------------
> Ken Chen
>


--
--------------------------------------------------
Ken Chen
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

------=_Part_21928_19002800.1145539639877
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 4/20/06, Ken Chen wrote:
>
> [Thu Apr 20 17:04:46 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
> error, 5 bytes expected to read on BIO#81d53d8 [mem: 81eeef8]
>


Just like it sounds from the message, this error occurs when the call to
SSL_read() in ssl_io_input_read() fails with the system returning an error
of ETIMEUP. While of course it's possible that something is getting "stuck=
"
somewhere and thus it is taking a really long time and subsequently times
out, my first inclination is to say that your global Timeout value is simpl=
y
set too low.

See http://httpd.apache.org/docs/2.0/mod/core.html#timeout

What value do you have set there?

------=_Part_21928_19002800.1145539639877
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Re: Failed uploading file to Appache HTTP Server after using SSL

Cliff:

It's been set as the default one: 300.

I wonder how many I need to set, say possibly my application has the
functionality of uploading attachment, max 2.5MB.

I have tried to search everywhere for solution for the same problem
(ssl_engine_io.c OpenSSL: I/O error). I surprisingly found that many
people have ever encountered this (page can't be displayed) too,
although mostly in IE 5. But it claims to set the session cache,
KeepAlive, etc.

FYI, I surprisingly found that sometimes, it's find after I clearing
my IE's cache before connecting to app, maybe it's really related to
the network speed and timeout setting?

Anyway, thank you very much for your detail, kindly and prompt reply.=20
I should try tomorrow when backing to work. =3D)

Ken



On 4/20/06, Cliff Woolley wrote:
>
>
> On 4/20/06, Ken Chen wrote:
> > [Thu Apr 20 17:04:46 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
> > error, 5 bytes expected to read on BIO#81d53d8 [mem: 81eeef8]
> >
>
>
> Just like it sounds from the message, this error occurs when the call to
> SSL_read() in ssl_io_input_read() fails with the system returning an erro=
r
> of ETIMEUP. While of course it's possible that something is getting "stu=
ck"
> somewhere and thus it is taking a really long time and subsequently times
> out, my first inclination is to say that your global Timeout value is sim=
ply
> set too low.
>
> See http://httpd.apache.org/docs/2.0/mod/core.html#timeout
>
> What value do you have set there?
>


--
--------------------------------------------------
Ken Chen
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

Cliff,

I have reset the timeout to 600, but the problem remains. I wonder
whether it's the timeout problem because the problem appears
immediately after presssing Upload!

Sometimes the problem is "Page can't be displayed; sometimes it is
what I mentioned at the very beginning that file can't been uploaded.

I found that the error I attached:
[Thu Apr 20 17:00:54 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
error, 5 bytes expected to read on BIO#81d9850 [mem: 81e6f20]
[Thu Apr 20 17:00:54 2006] [info] (70007)The timeout specified has
expired: SSL input filter read failed.

IS logging everywhere from times to times in the ssl-error_log even
the page for loading is loaded successfully.

The strangest thing is sometimes nothing is logged in error log when
uploading file. It just display "Page can't be displayed". Seems ssl
has done nothing.

If really have to come down to recompile in maintainer mode and
attache a debugger, would you please kindly advice and describe the
brief guides on how to do this? I am not familiar with it.

Thanks.


Ken

On 4/21/06, Cliff Woolley wrote:
> On 4/20/06, Ken Chen wrote:
>
> > Anyway, thank you very much for your detail, kindly and prompt reply.
> > I should try tomorrow when backing to work. =3D)
>
>
> Let me know what other details you find out. It might come down to havin=
g
> to recompile apache in maintainer mode and attach a debugger to figure ou=
t
> what's going on...
>
>


--
--------------------------------------------------
Ken Chen
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

On Fri, Apr 21, 2006 at 10:23:24AM +0800, Ken Chen wrote:
> Cliff,
>
> I have reset the timeout to 600, but the problem remains. I wonder
> whether it's the timeout problem because the problem appears
> immediately after presssing Upload!
>
> Sometimes the problem is "Page can't be displayed; sometimes it is
> what I mentioned at the very beginning that file can't been uploaded.

There are a few things you need to check if you're having problems with
MSIE:

1) make sure you are using the shmcb session cache

2) make sure you have prevented use of persistent connections, with a
statement like:

BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

in the SSL vhost.

3) if you are using an SSL->HTTP reverse proxy, then (2) will not be
taking effect properly, and you'll need to apply this patch:

http://people.apache.org/~jorton/httpd-2.0.54-ssltrans.patch

joe
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

Hi Joe,

We are using 2.0.55 already. Is it already include that patch?

Ken

On 4/21/06, Joe Orton wrote:
> On Fri, Apr 21, 2006 at 10:23:24AM +0800, Ken Chen wrote:
> > Cliff,
> >
> > I have reset the timeout to 600, but the problem remains. I wonder
> > whether it's the timeout problem because the problem appears
> > immediately after presssing Upload!
> >
> > Sometimes the problem is "Page can't be displayed; sometimes it is
> > what I mentioned at the very beginning that file can't been uploaded.
>
> There are a few things you need to check if you're having problems with
> MSIE:
>
> 1) make sure you are using the shmcb session cache
>
> 2) make sure you have prevented use of persistent connections, with a
> statement like:
>
> BrowserMatch ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> in the SSL vhost.
>
> 3) if you are using an SSL->HTTP reverse proxy, then (2) will not be
> taking effect properly, and you'll need to apply this patch:
>
> http://people.apache.org/~jorton/httpd-2.0.54-ssltrans.patch
>
> joe
>


--
--------------------------------------------------
Ken Chen
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

On Fri, Apr 21, 2006 at 03:19:35PM +0800, Ken Chen wrote:
> Hi Joe,
>
> We are using 2.0.55 already. Is it already include that patch?

No, it will be in 2.0.56 and later. But note this only applies if you
are using a reverse proxy, and it only affects the application of the
BrowserMatch statement - if you don't have the BrowserMatch, it has no
effect.

joe
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

ic. Thanks so much. I will apply that patch and see what is going on late=
r.


On 4/21/06, Joe Orton wrote:
> On Fri, Apr 21, 2006 at 03:19:35PM +0800, Ken Chen wrote:
> > Hi Joe,
> >
> > We are using 2.0.55 already. Is it already include that patch?
>
> No, it will be in 2.0.56 and later. But note this only applies if you
> are using a reverse proxy, and it only affects the application of the
> BrowserMatch statement - if you don't have the BrowserMatch, it has no
> effect.
>
> joe
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>


--
--------------------------------------------------
Ken Chen
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

Joe,

Do you mind telling me how to apply the patch? Type command as follow?
patch -s < xxxx.patch

Do I need to stop the httpd server? or recompile or anything else?

Thanks.


On 4/21/06, Ken Chen wrote:
> ic. Thanks so much. I will apply that patch and see what is going on la=
ter.
>
>
> On 4/21/06, Joe Orton wrote:
> > On Fri, Apr 21, 2006 at 03:19:35PM +0800, Ken Chen wrote:
> > > Hi Joe,
> > >
> > > We are using 2.0.55 already. Is it already include that patch?
> >
> > No, it will be in 2.0.56 and later. But note this only applies if you
> > are using a reverse proxy, and it only affects the application of the
> > BrowserMatch statement - if you don't have the BrowserMatch, it has no
> > effect.
> >
> > joe
> > ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
> >
>
>
> --
> --------------------------------------------------
> Ken Chen
>


--
--------------------------------------------------
Ken Chen
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

FYI.

I have tried to test upload with Firefox. But it turns out that it
fails too. Then, it might not be only a MSIE issue.



On 4/22/06, Ken Chen wrote:
> Hi,
>
> My colleague has helped to deploy the patch and the ssl vhost has been
> configured as follow:
>
> DocumentRoot "/home/server/webpage"
> ServerName 192.168.2.130:443
> LogLevel debug
> ErrorLog logs/ssl-error_log
> CustomLog logs/ssl-access_log common
>
> BrowserMatch ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> ProxyPass /eservices http://localhost:8855/eservices
> ProxyPassReverse /eservices http://localhost:8855/eservices
>
> Alias /eservices-webpage/ /home/server/webpage/
>
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:=
+eNULL
> SSLCertificateFile someCrt.crt
> SSLCertificateKeyFile someKey.key
>
>
> But seems the problem remains: Page can't be displayed. I found no
> error in log (maybe I was not able to found). Here attached the log
> when I press upload to upload file.
>
>
> Ken
>
>
> On 4/21/06, Ken Chen wrote:
> > Joe,
> >
> > Do you mind telling me how to apply the patch? Type command as follow?
> > patch -s < xxxx.patch
> >
> > Do I need to stop the httpd server? or recompile or anything else?
> >
> > Thanks.
> >
> >
> > On 4/21/06, Ken Chen wrote:
> > > ic. Thanks so much. I will apply that patch and see what is going o=
n later.
> > >
> > >
> > > On 4/21/06, Joe Orton wrote:
> > > > On Fri, Apr 21, 2006 at 03:19:35PM +0800, Ken Chen wrote:
> > > > > Hi Joe,
> > > > >
> > > > > We are using 2.0.55 already. Is it already include that patch?
> > > >
> > > > No, it will be in 2.0.56 and later. But note this only applies if =
you
> > > > are using a reverse proxy, and it only affects the application of t=
he
> > > > BrowserMatch statement - if you don't have the BrowserMatch, it has=
no
> > > > effect.
> > > >
> > > > joe
> > > > ____________________________________________________________ _______=
___
> > > > Apache Interface to OpenSSL (mod_ssl) www.modssl.=
org
> > > > User Support Mailing List modssl-users@modssl.=
org
> > > > Automated List Manager majordomo@modssl.=
org
> > > >
> > >
> > >
> > > --
> > > --------------------------------------------------
> > > Ken Chen
> > >
> >
> >
> > --
> > --------------------------------------------------
> > Ken Chen
> >
>
>
> --
> --------------------------------------------------
> Ken Chen
>
>
>


--
--------------------------------------------------
Ken Chen
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

FYI.

We had to choose to test that by using other versions and we found
that the problem is resolved if we downgrade to 2.0.50.

Ken

On 4/22/06, Ken Chen wrote:
> FYI.
>
> I have tried to test upload with Firefox. But it turns out that it
> fails too. Then, it might not be only a MSIE issue.
>
>
>
> On 4/22/06, Ken Chen wrote:
> > Hi,
> >
> > My colleague has helped to deploy the patch and the ssl vhost has been
> > configured as follow:
> >
> > DocumentRoot "/home/server/webpage"
> > ServerName 192.168.2.130:443
> > LogLevel debug
> > ErrorLog logs/ssl-error_log
> > CustomLog logs/ssl-access_log common
> >
> > BrowserMatch ".*MSIE.*" \
> > nokeepalive ssl-unclean-shutdown \
> > downgrade-1.0 force-response-1.0
> >
> > ProxyPass /eservices http://localhost:8855/eservices
> > ProxyPassReverse /eservices http://localhost:8855/eservices
> >
> > Alias /eservices-webpage/ /home/server/webpage/
> >
> > SSLEngine on
> > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EX=
P:+eNULL
> > SSLCertificateFile someCrt.crt
> > SSLCertificateKeyFile someKey.key
> >
> >
> > But seems the problem remains: Page can't be displayed. I found no
> > error in log (maybe I was not able to found). Here attached the log
> > when I press upload to upload file.
> >
> >
> > Ken
> >
> >
> > On 4/21/06, Ken Chen wrote:
> > > Joe,
> > >
> > > Do you mind telling me how to apply the patch? Type command as follo=
w?
> > > patch -s < xxxx.patch
> > >
> > > Do I need to stop the httpd server? or recompile or anything else?
> > >
> > > Thanks.
> > >
> > >
> > > On 4/21/06, Ken Chen wrote:
> > > > ic. Thanks so much. I will apply that patch and see what is going=
on later.
> > > >
> > > >
> > > > On 4/21/06, Joe Orton wrote:
> > > > > On Fri, Apr 21, 2006 at 03:19:35PM +0800, Ken Chen wrote:
> > > > > > Hi Joe,
> > > > > >
> > > > > > We are using 2.0.55 already. Is it already include that patch?
> > > > >
> > > > > No, it will be in 2.0.56 and later. But note this only applies i=
f you
> > > > > are using a reverse proxy, and it only affects the application of=
the
> > > > > BrowserMatch statement - if you don't have the BrowserMatch, it h=
as no
> > > > > effect.
> > > > >
> > > > > joe
> > > > > ____________________________________________________________ _____=
_____
> > > > > Apache Interface to OpenSSL (mod_ssl) www.modss=
l.org
> > > > > User Support Mailing List modssl-users@modss=
l.org
> > > > > Automated List Manager majordomo@modss=
l.org
> > > > >
> > > >
> > > >
> > > > --
> > > > --------------------------------------------------
> > > > Ken Chen
> > > >
> > >
> > >
> > > --
> > > --------------------------------------------------
> > > Ken Chen
> > >
> >
> >
> > --
> > --------------------------------------------------
> > Ken Chen
> >
> >
> >
>
>
> --
> --------------------------------------------------
> Ken Chen
>


--
--------------------------------------------------
Ken Chen
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

On Wed, Apr 26, 2006 at 01:12:50PM +0800, Ken Chen wrote:
> FYI.
>
> We had to choose to test that by using other versions and we found
> that the problem is resolved if we downgrade to 2.0.50.

Was this an exhaustive search: 2.0.51 failed but 2.0.50 worked? That
would be a little surprising: there aren't any regressions in 2.0.51
that I know of.

joe

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Failed uploading file to Appache HTTP Server after using SSL

I am not sure. The version I encountered problem is 2.0.55.


On 4/26/06, Joe Orton wrote:
> On Wed, Apr 26, 2006 at 01:12:50PM +0800, Ken Chen wrote:
> > FYI.
> >
> > We had to choose to test that by using other versions and we found
> > that the problem is resolved if we downgrade to 2.0.50.
>
> Was this an exhaustive search: 2.0.51 failed but 2.0.50 worked? That
> would be a little surprising: there aren't any regressions in 2.0.51
> that I know of.
>
> joe
>
>


--
--------------------------------------------------
Ken Chen
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org