Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

SSL Hangs then drops connection #403

Closed
Borkason opened this Issue · 16 comments

1 participant

@Borkason
Collaborator

Original author: lnu...@gmail.com (March 07, 2009 21:22:29)

What steps will reproduce the problem?
1. Access the site with HTTPS
2.
3.

What is the expected output? What do you see instead?
The expected is the page with ssl

and I see:

Connection Interrupted
The connection to the server was reset while the page was loading.

Please use labels and text to provide additional information.

Original issue: http://code.google.com/p/cherokee/issues/detail?id=389

@Borkason
Collaborator

From lnu...@gmail.com on March 07, 2009 21:26:28
Flaged the all the cryptor_libssl.c

and in the function _socket_write
len has a value 237
and returns..

I'll keep searching who calls _socket_write and keep searching
If you may know where to look more please F1 or HELP ME :-P

Saludos

Leonel

@Borkason
Collaborator

From lnu...@gmail.com on March 08, 2009 03:07:19
Next :

Flagged connection.h and traced it

cherokee_connection_send_header
then goes to _socket_write and returns

then this
cherokee_connection_tx_add
cherokee_connection_log_or_delay
cherokee_connection_step
cherokee_connection_update_vhost_traffic
cherokee_connection_log_delayed
cherokee_connection_clean

Then Hangs in again

@Borkason
Collaborator

From lnu...@gmail.com on March 08, 2009 03:09:40
now got hanged with http so I can tell this is not SSL related

looking on fastcgi

we can delete this report

@Borkason
Collaborator

From lnu...@gmail.com on March 08, 2009 04:54:23
I've placed some markers on some .c programs to trace

this is when I request the Django Admin same results with fcgi or scgi :
First I've noticed with SSL now I've tried with HTTP and same result
This does NOT happen to the normal django page only with the admin page ...

This started to happen on 0.99 and I'm testing with SVN b2935

This does not happen with 0.98.1 or apache

the 24-? markers are markers within accept_new_connection on thread.c

accept_new_connection thread.c
24-1
should_accept_more thread.c
accept_new_connection thread.c
24-1
should_accept_more thread.c
thread_update_bogo_now thread.c
process_polling_connections thread.c
process_active_connections thread.c
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c
process_polling_connections thread.c
process_active_connections thread.c
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c
thread_update_bogo_now thread.c
accept_new_connection thread.c
24-1
should_accept_more thread.c
accept_new_connection thread.c
24-1

I REQUEST THE PAGE :

should_accept_more thread.c
thread_update_bogo_now thread.c
process_polling_connections thread.c
process_active_connections thread.c
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c
process_polling_connections thread.c
process_active_connections thread.c
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c
thread_update_bogo_now thread.c
accept_new_connection thread.c
24-1
should_accept_more thread.c
accept_new_connection thread.c
24-1
24-2
24-3
24-4
cherokee_thread_get_new_connection thread.c
cherokee_connection_new connection.c
24-5
24-6
24-7
24-8
24-9
cherokee_thread_add_connection thread.c
conn_set_mode thread.c
add_connection thread.c
24-10
should_accept_more thread.c
thread_update_bogo_now thread.c
process_polling_connections thread.c
process_active_connections thread.c
cherokee_connection_get_phase_str connection.c
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c
thread_update_bogo_now thread.c
accept_new_connection thread.c
24-1
should_accept_more thread.c
accept_new_connection thread.c
24-1
should_accept_more thread.c
process_polling_connections thread.c
process_active_connections thread.c
cherokee_connection_get_phase_str connection.c
cherokee_connection_get_phase_str connection.c
_socket_new cryptor_libssl.c
_socket_new
outsocket new
_socket_init_tls cryptor_libssl.c
socket_initialize cryptor_libssl.c
Out socket_initialize
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c
process_polling_connections thread.c
process_active_connections thread.c
cherokee_connection_get_phase_str connection.c
cherokee_connection_get_phase_str connection.c
_socket_init_tls cryptor_libssl.c
out _socket_init_tls
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c
process_polling_connections thread.c
process_active_connections thread.c
cherokee_connection_get_phase_str connection.c
cherokee_connection_get_phase_str connection.c
cherokee_connection_recv connection.c
_socket_read cryptor_libssl.c
_socket_read
cherokee_connection_rx_add connection.c
cherokee_connection_reading_check connection.c
cherokee_connection_get_request connection.c
get_host connection.c
cherokee_connection_print connection.c
cherokee_connection_get_phase_str connection.c
conn_set_mode thread.c
cherokee_connection_build_local_directory connection.c
cherokee_connection_check_http_method connection.c
cherokee_connection_check_only_secure connection.c
cherokee_connection_check_ip_validation connection.c
cherokee_connection_check_authentication connection.c
cherokee_connection_set_keepalive connection.c
cherokee_connection_set_rate connection.c
cherokee_connection_create_handler connection.c
cherokee_connection_set_chunked_encoding connection.c
cherokee_connection_create_encoder connection.c
cherokee_connection_parse_range connection.c
cherokee_connection_open_request connection.c
cherokee_thread_deactive_to_polling thread.c
del_connection thread.c
add_connection_polling thread.c
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c
process_polling_connections thread.c
reactive_conn_from_polling thread.c
move_connection_to_active thread.c
del_connection_polling thread.c
add_connection thread.c
process_active_connections thread.c
cherokee_connection_get_phase_str connection.c
cherokee_connection_update_vhost_traffic connection.c
cherokee_connection_get_phase_str connection.c
cherokee_connection_open_request connection.c
cherokee_connection_build_header connection.c
cherokee_connection_send_header connection.c
_socket_write cryptor_libssl.c
_socket_write 0
cherokee_connection_tx_add connection.c
cherokee_connection_log_or_delay connection.c
cherokee_connection_step connection.c
maybe_purge_closed_connection thread.c
cherokee_connection_update_vhost_traffic connection.c
cherokee_connection_log_delayed connection.c
cherokee_connection_clean connection.c
conn_set_mode thread.c
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c
process_polling_connections thread.c
process_active_connections thread.c
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c

and the browser here got hanged ..

thread_update_bogo_now thread.c
accept_new_connection thread.c
24-1
should_accept_more thread.c
accept_new_connection thread.c
24-1
should_accept_more thread.c
thread_update_bogo_now thread.c
process_polling_connections thread.c
process_active_connections thread.c
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c
process_polling_connections thread.c
process_active_connections thread.c
cherokee_connection_get_phase_str connection.c
_socket_pending cryptor_libssl.c
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c
process_polling_connections thread.c
process_active_connections thread.c
cherokee_thread_step_MULTI_THREAD thread.c
watch_accept_MULTI_THREAD thread.c

thread_update_bogo_now thread.c
accept_new_connection thread.c
24-1
should_accept_more thread.c
accept_new_connection thread.c
24-1

Saludos

Leonel

@Borkason
Collaborator

From alobbs on March 08, 2009 12:59:52
Leonel,

Please check whether you have these lines in your configuration file:

server!bind!2!port = 443

server!bind!2!tls = 1

It seems that, due to a bug in cherokee-admin, some configuration files were slightly messed up. If the "!tls"
property is equal to "on", please replace it with "1". Hopefully that will fix your problem.

@Borkason
Collaborator

From lnu...@gmail.com on March 08, 2009 14:11:51
This is on the tests server and same config for the producction server :
leonel@hardy-server:/etc/cherokee$ grep bind 99.conf
server!bind!1!interface = 192.168.200.200
server!bind!1!port = 80
server!bind!2!interface = 192.168.200.200
server!bind!2!port = 443
server!bind!2!tls = 1

There are no differences on the cherokee.conf from 0.98.1 and 0.99.3 after running
the 098to099.py

I'll digg deeper latter on today ..

@Borkason
Collaborator

From lnu...@gmail.com on March 09, 2009 19:12:47
Well after a good weekend reading and trying to debug this
I got to the point where If I request :
http://server/aaa the browser waits some time then shows an error for connection closed

if I request http://server/aaa/ all works fine

Same result for HTTP or HTTPS
Django has a middleware that adds a trailing slash and this works perfect with 0.98.1

I'm working with django 1.0.1 and the last tests where with SVN b2947

@Borkason
Collaborator

From lnu...@gmail.com on March 09, 2009 19:13:51
The error is :

Connection Interrupted

The connection to the server was reset while the page was loading .

@Borkason
Collaborator

From alobbs on March 09, 2009 19:26:21
Leonel, what does comment #​7 (Github: #86) to do with this issue? :-?

@Borkason
Collaborator

From lnu...@gmail.com on March 09, 2009 19:42:50
comments 6 and 8 are the real bug
I believed that was for the ssl since the I was accesing the page with ssl
that's why I reported this first as a ssl related bug with the 0.99 series
then did all that traces and tried to find the issue.

and the issue is this the trailing /

@Borkason
Collaborator

From lnu...@gmail.com on March 10, 2009 02:01:37
Sniffing with wireshark I've found a difference in the response between 0.98.1 and
SVN and as I've already said 0.98.1 works fine.

0.98.1 before responding the 301 Moved permanently
sends a

[ TCP segment of a reassembled PDU ]

I don't know what it means but the packet has all the redirection information

SVN version does not send that TCP segment
Just the 301 information.

The 2 cherokees are pointing to the same Information source .

Saludos

@Borkason
Collaborator

From lnu...@gmail.com on March 11, 2009 04:46:51

checking what changed from 0.98.1 to 0.99.X that triggered me with this error
I've restored in my SVN b2947 test code this change :

http://lists.octality.com/pipermail/cherokee-commits/2009-February/002603.html

and .. all worked fine as with 0.98.1 with the backslash redirection

Saludos ..

@Borkason
Collaborator

From lnu...@gmail.com on March 11, 2009 06:45:38
I have another app that when you do a request like :

http://server/ if you are logged in does a redirect to http://server/foo/

with 0.99.X does not work that redirect and the browser sits there waiting then
connection reset ..

with the edited cherokee as said on comment 12 is working fine ..

All this issue is because of redirect with

@Borkason
Collaborator

From skar...@gmail.com on March 18, 2009 07:16:02
lnunez: Good catch! ;)

@Borkason
Collaborator

From alobbs on March 18, 2009 09:48:24
Leonel, this has been fixed in 0.99.5, right?

@Borkason
Collaborator

From lnu...@gmail.com on March 18, 2009 12:42:12
tested with svn b2984 and now with 0.99.5 and redirects are working fine now

Thank you

@Borkason Borkason closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.