On Mon, Feb 1, 2016 at 11:50 PM, Joachim Achtzehnter <joac...@kraut.ca> wrote:
> The Wireshark trace confirms what one may have predicted from the
> observed symptoms. There is no response from the server to the GET
> request on the wire.
There are some missing TLS records from the server during handshake,
OpenSSL does not seem to flush appropriately, still...
Could you please try this new (attached) patch?
If it does not work better (it should), could you change the "#if 0"
to "#if 1" in bio_filter_in_read(), and retry?
Thanks for providing the log output with the new change(s).
Regards,
Yann.
Index: modules/ssl/ssl_engine_io.c
===================================================================
--- modules/ssl/ssl_engine_io.c (revision 1727923)
+++ modules/ssl/ssl_engine_io.c (working copy)
@@ -147,6 +147,9 @@ static int bio_filter_out_flush(BIO *bio)
bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr);
apr_bucket *e;
+ ap_log_cerror(APLOG_MARK, APLOG_NOTICE, 0, outctx->c,
+ "bio[%pp] out: FLUSH", bio);
+
AP_DEBUG_ASSERT(APR_BRIGADE_EMPTY(outctx->bb));
e = apr_bucket_flush_create(outctx->bb->bucket_alloc);
@@ -187,7 +190,6 @@ static int bio_filter_out_write(BIO *bio, const ch
{
bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr);
apr_bucket *e;
- int need_flush;
/* Abort early if the client has initiated a renegotiation. */
if (outctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
@@ -216,15 +218,16 @@ static int bio_filter_out_write(BIO *bio, const ch
* be expensive in cases where requests/reponses are pipelined,
* so limit the performance impact to handshake time.
*/
-#if OPENSSL_VERSION_NUMBER < 0x0009080df
- need_flush = !SSL_is_init_finished(outctx->filter_ctx->pssl);
-#else
- need_flush = SSL_in_connect_init(outctx->filter_ctx->pssl);
-#endif
- if (need_flush) {
+ if (!SSL_is_init_finished(outctx->filter_ctx->pssl)) {
+ ap_log_cerror(APLOG_MARK, APLOG_NOTICE, 0, outctx->c,
+ "bio[%pp] out: flush %d bytes", bio, inl);
e = apr_bucket_flush_create(outctx->bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(outctx->bb, e);
}
+ else {
+ ap_log_cerror(APLOG_MARK, APLOG_NOTICE, 0, outctx->c,
+ "bio[%pp] out: pass %d bytes", bio, inl);
+ }
if (bio_filter_out_pass(outctx) < 0) {
return -1;
@@ -473,6 +476,18 @@ static int bio_filter_in_read(BIO *bio, char *in,
return -1;
}
+#if 0
+ if (!SSL_is_init_finished(inctx->filter_ctx->pssl)) {
+ bio_filter_out_ctx_t *outctx = inctx->bio_out->ptr;
+ ap_log_cerror(APLOG_MARK, APLOG_NOTICE, 0, outctx->c,
+ "bio[%pp] in: flush %pp", bio, inctx->bio_out);
+ if (bio_filter_out_flush(inctx->bio_out) < 0) {
+ inctx->rc = outctx->rc;
+ return -1;
+ }
+ }
+#endif
+
if (APR_BRIGADE_EMPTY(inctx->bb)) {
inctx->rc = ap_get_brigade(inctx->f->next, inctx->bb,
@@ -499,6 +514,10 @@ static int bio_filter_in_read(BIO *bio, char *in,
inctx->rc = brigade_consume(inctx->bb, block, in, &inl);
+ ap_log_cerror(APLOG_MARK, APLOG_NOTICE, inctx->rc,
+ SSL_get_app_data(inctx->filter_ctx->pssl),
+ "bio[%pp] in: read %" APR_SIZE_T_FMT "bytes", bio, inl);
+
if (inctx->rc == APR_SUCCESS) {
return (int)inl;
}
