William A. Rowe, Jr. wrote:
> This looks like a bug fixed in the apache 2.1 tree (the current CVS Head of the httpd-2.0 repository.)

I checked the CVS repository and found the fix you are referring to. Apparently this was already backported to the 2.0 branch (2.0 diff attached). We patched the Apache 2.0, but the problem is not fixed. Is this the only patch that is needed?
The problem also only occurs when we use our custom hook. The Apache process does not hang when using standard CA auth.
More information: The race occurs in ssl_io_input_getline():

    while (tmplen > 0) {
        status = ssl_io_input_read(inctx, buf + offset, &tmplen);
        if (status != APR_SUCCESS) {
            return status;
        }

        *len += tmplen;

        if ((pos = memchr(buf, APR_ASCII_LF, *len))) {
            break;
        }

        offset += tmplen;
        tmplen = buflen - offset;
    }

In our case (SSL_CVERIFY_CUSTOM) the ssl_io_input_read() call returns 0, but nothing was read (char_buffer_read() returns 0, because buffer->length is 0), so no LF character is found. If we use SSL_CVERIFY_REQUIRE, the ssl_io_input_read() call returns an error (20014, sometimes 70014), and we break out of the loop. Can anyone explain this difference in behaviour?
--
ir. Kris Verbeeck
Software Engineer
Ubizen - Ubicenter - Philipssite 5 - 3001 Leuven - Belgium T: +32 16 28 70 64 F: +32 16 28 70 77
Ubizen - We Secure e-business - www.ubizen.com
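
The hang described in the message above can be reproduced in a small stand-alone model of the quoted loop; this is an added example, not httpd code and not from the poster. The names stub_read, getline_model, run_case, SPIN_LIMIT and the guard flag are hypothetical, and the zero-byte check is an assumed mitigation, not the fix referred to in the thread.

```c
#include <stdio.h>
#include <string.h>

#define OK 0             /* stands in for APR_SUCCESS */
#define ERR_READ 70014   /* one of the error values quoted in the message */
#define SPIN_LIMIT 1000  /* iteration cap so the model terminates */

/* Constructed stub reader: hands out `avail` bytes, then acts per empty_ok. */
typedef struct { const char *data; size_t avail; int empty_ok; } stub_t;

static int stub_read(stub_t *s, char *buf, size_t *len) {
    size_t n = s->avail < *len ? s->avail : *len;
    if (n == 0 && !s->empty_ok) { *len = 0; return ERR_READ; }
    memcpy(buf, s->data, n);
    s->data += n; s->avail -= n;
    *len = n;            /* n == 0 with OK is the case from the message */
    return OK;
}

/* Same control flow as the quoted loop. Returns the read status, or -1 when
 * SPIN_LIMIT iterations pass without progress. guard adds a zero-byte check. */
int getline_model(stub_t *s, char *buf, size_t buflen, size_t *len, int guard) {
    size_t offset = 0, tmplen = buflen;
    int spins = 0;
    *len = 0;
    while (tmplen > 0) {
        int status = stub_read(s, buf + offset, &tmplen);
        if (status != OK) return status;
        if (guard && tmplen == 0) return ERR_READ;  /* assumed mitigation */
        *len += tmplen;
        if (memchr(buf, '\n', *len)) break;
        offset += tmplen;            /* unchanged when nothing was read */
        tmplen = buflen - offset;    /* positive again, so the loop repeats */
        if (++spins >= SPIN_LIMIT) return -1;
    }
    return OK;
}

/* Runs one constructed input through the model with a 64-byte buffer. */
int run_case(const char *data, int empty_ok, int guard) {
    char buf[64]; size_t len;
    stub_t s = { data, strlen(data), empty_ok };
    return getline_model(&s, buf, sizeof buf, &len, guard);
}

int main(void) {
    printf("success+0 bytes, no guard: %d\n", run_case("GET /", 1, 0));
    printf("success+0 bytes, guard:    %d\n", run_case("GET /", 1, 1));
    return 0;
}
```

A result of -1 marks the case where the real loop would never exit: the reader keeps reporting success with zero bytes, so offset and tmplen never change.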
