We've run into a bug with AOLserver 4.5.1 / nsopenssl 3.0beta26. The bug is fully documented here:
https://sourceforge.net/tracker/?func=detail&aid=2822117&group_id=3152&atid=103152 But the short version is that when using the nsopenssl client-side routines (e.g. ns_httpsget), the result may be truncated if the client starts reading before all of the data has been received. This bug ONLY occurs with an AOLserver client (any version) running against an AOLserver 4 / nsopenssl 3.0beta26 server. We've reproduced the bug on RHEL4, RHEL5, and Mac OS X. The bug is easily demonstrated by copying the file I've attached to this message (sslbug.tcl) to the top-level context of a web server running AOLserver 4.x/nsopenssl 3.0beta26 and then navigating to https://<server>/sslbug.tcl. If you comment out the ns_httpsget and use ns_httpget instead, you'll see that the bug disappears. We've done a lot of instrumenting of nsopenssl/AOLserver, but haven't been able to track down the root cause. It seems likely that it's related to data buffering, which seems like it would be occurring within AOLserver or Tcl...but the issue is definitely specific to SSL, which implies that it's something in nsopenssl 3.0beta26. Does anyone have any idea what might be causing this problem? - John -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
sslbug.tcl
Description: Binary data
