On Tue, Jan 13, 2004 at 04:43:07PM -0600, Ben Collins-Sussman wrote: > > Hello, Apache folk. After showing this bug to gstein, iholsman, and > others in IRC, I fear I may have found a real bug. It has something > to do with SSL, but it's not clear whether this is a bug in the Neon > library, OpenSSL, mod_ssl, or httpd itself. > > Client is: Redhat 9, svn 0.36.0 using neon 0.24.4 / OpenSSL 0.9.7a > Server is: apache-2.0.48 / mod_dav_svn 0.35.1 / OpenSSL 0.9.6b > > The reproduction recipe: > > * the subversion client connects to apache via https:// > > * client and server successfully exchange certificates > > * client begins committing a large number of new files: > (MKACTIVITY, followed by a really long stream of PUT and > PROPPATCH requests...) > > * while the commit is in progress, I run 'apachectl graceful' > > * I watch the errorlog, and see that it takes about 5-10 seconds for > the graceful signal to complete, but it completes successfully. > > * soon afterward, the subversion commit stops in its tracks; neon > eventually times out. (If I never run 'apachectl graceful', then > the commit finishes successfully.)
Is there still a TCP connection between the client and server at this point? If so, you can identify the server child in question via the server-status output or "netstat -pt", and strace the process to see what it's doing. ... > It looks like something ssl-related on the server has "timed out" and > is trying to renegotiate the ssl session, but is failing. The server > keeps trying to read bytes in the ssl negotiation, and is getting a > premature EOF in some sort of infinite loop. This is just the effect of the graceful restart: it is making a bunch of dummy connections to the children to get them to wake up; these are hitting the SSL vhost and causing the error_log spam. If you re-order the Listen statements in your httpd.conf so "Listen 443" is before "Listen 80", then the dummy connections should hit the port 80 vhost instead, and remove the spam. So I'd retry like that and see if the error log output is more useful. The neon debug log output might also help. Regards, joe
