Apache 1.3.12/mod_ssl 2.6.2 on Win/NT. I built the software from the OpenSA
0.20 source distribution in debug mode.
Description:
When accessing the standard Apache root page: https://myserver/, there are
intermittent traps (Access error due to bad pointer). I trapped the
exception in the MSVC debugger. Trap details follow:
- trap is in ap_ctx_get()/ap_ctx.c; the cause is a bad ap_ctx pointer passed
in parameter 1.
- call is from ssl_io_suck_read()/ssl_engine_io.c - line 252. The code is:
================================================================
static int ssl_io_suck_read(SSL *ssl, char *buf, int len)
{
ap_ctx *actx;
struct ssl_io_suck_st *ss;
request_rec *r = NULL;
int rv;
actx = (ap_ctx *)SSL_get_app_data2(ssl);
if (actx != NULL)
r = (request_rec *)ap_ctx_get(actx, "ssl::request_rec");
rv = -1;
if (r != NULL) {
ss = ap_ctx_get(r->ctx, "ssl::io::suck"); <== error point
================================================================
Examining the data elements, it appears that actx is "ok" in that
actx->cr_entry.ce_key points to "ssl:request_rec". The ce_val pointer is
what is assigned to pointer 'r'.
The contents of *r (request_rec) look suspcious as most of the fields appear
uninitialized, garbage, or null. The only subfield that looks ok is
r->htaccess.dir, which points to my ServerRoot. r->ctx is evidently not
initialized, which causes the execption in the subsequent call.
FWIW, the request_rec pointer r is different from the request_rec pointer in
read_request_line()/http_protocol.c further back in the call stack.
I also see that while Apache is suspended in debug, my browser is showing
the HTML portion of the Apache root page but with no images.
I don't know if this is enough info to suggest where the problem might lie.
Final question:
The comments in ssl_engine_io.c state that the ssl_io_suck* routines are
provided to allow SSL renegotiation on a per-directory basis. I'm not too
sure what this means, but I don't think I need it (ie., I'm not adding
per-directory SSL directives such as requiring client certs). Therefore it
appears that I can re-compile sl_engine_io.c with a -D SSL_CONSERVATIVE
directive. Is there any reason that this would not be a reasonable
workaround? Also, would I need to compile all of mod_ssl with this
definition, or only this individual source?
regards
Kirk
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
