Neil and Timur: Thanks for detailed information about the problem. So far, I haven't managed to replicate the problem on my machine. Do you have any hints on how to configure Apache to trigger the problem or a server that I might try?
I've tried connecting to an Apache servers running on 64-bit Mac OS X and 32-bit Linux. I tried connecting to "localhost", and I tried bouncing the connection through `ssh -L ... -R ...' to distant hosts. All of those configurations worked. Meanwhile, I'm pretty sure that I'm setting up client verification correctly, since the connection fails if I mangle the certificate configuration on the client side. I wonder whether there's some other feature in Apache I could turn on that would trigger problems. At Tue, 28 Feb 2012 18:41:23 -0500, Neil Van Dyke wrote: > Timur Sufiev wrote at 02/27/2012 08:58 AM: > > [...] Raw ports were wrapped with SSL successfully, but then program > > has hung up between 2 last actions: sending the request to server and > > reading its reply. Further investigation showed that in the course of > > SSL processing the server had requested session renegotiation from the > > client and would provide it with requested data if the client sent > > negotiation info to server. [...] > > This sounds like a problem that I had over a year ago with having Racket > (PLT Scheme) send HTTPS client certificates: > http://lists.racket-lang.org/users/archive/2010-September/041519.html > > I did not solve that exact problem. A consulting client had an urgent > need, so I worked around the problem by making a Racket module that > provided an abstraction over external "curl" processes, and used that > module instead. (Which also probably increased app performance, when > that client moved to Web SCGI with Racket and added some new behavior, > since large HTTPS and file I/O that happened in the background of Web > requests could bypass the Racket process and could also be scheduled by > the host OS on other processors.) That particular Racket "curl" module > is not currently open source, but you might find a similar Racket > library, or implement your own simple library pretty easily. > > Also, a tip on one way to decrypt the SSL traffic: > http://www.neilvandyke.org/weblog/2010/09/#2010-09-12 > > Neil V. > > -- > http://www.neilvandyke.org/ > > _________________________ > Racket Developers list: > http://lists.racket-lang.org/dev _________________________ Racket Developers list: http://lists.racket-lang.org/dev
