After upgrading from 2.4.12 to 2.4.18 we find that some requests for
files cause a lock-up when HTTPS is used, but not with plain HTTP. After
some debugging it seems the problem is that the mod_ssl no longer
explicitly flushes the output it produced before going back to reading a
new request on the same connection.
This is a 32-bit Intel Linux platform, and by stepping through the
mod_ssl output filter in the debugger I can see that the files that
cause problems are being read by Apache using the mmap approach.
Restoring the explicit flushing from 2.4.12 gets the 2.4.18 version of
mod-ssl working for us. Here is the patch:
--- ssl_engine_io.c.orig 2015-11-19 11:55:25.000000000 -0800
+++ ssl_engine_io.c 2016-01-31 17:22:54.586227441 -0800
@@ -466,6 +466,21 @@
return -1;
}
+ /* In theory, OpenSSL should flush as necessary, but it is known
+ * not to do so correctly in some cases; see PR 46952.
+ *
+ * Historically, this flush call was performed only for an SSLv2
+ * connection or for a proxy connection. Calling _out_flush
+ * should be very cheap in cases where it is unnecessary (and no
+ * output is buffered) so the performance impact of doing it
+ * unconditionally should be minimal.
+ */
+ if (bio_filter_out_flush(inctx->bio_out) < 0) {
+ bio_filter_out_ctx_t *outctx = inctx->bio_out->ptr;
+ inctx->rc = outctx->rc;
+ return -1;
+ }
+
BIO_clear_retry_flags(bio);
if (!inctx->bb) {
