Re: Bug+Patch: mod_ssl 2.8.22 ssl_io_suck() timeout handling

Wed, 06 Jul 2005 01:28:55 -0700 

On Mon, Jun 27, 2005, Douglas K. Fischer wrote:

> In debugging a number of issues we encountered on some of our web
> platforms, I discovered that the "presucking" routine in mod_ssl
> handles the timeout of pre-sucking the POST data in such a manner that
> the entire POST body must be read within the Timeout value (per the
> Apache conf). This seems contrary to the handling of POST reading,
> especially per mod_perl's handling of this, as well as the manner in
> which Apache handles writing of data. In both of these cases a call to
> ap_reset_timeout() is used in between successful reads/writes to reset
> the timeout. This allows a large and/or slow transfer to succeed,
> provided that data is  read/written at such a pace that some chunk is
> sent/received within the Timeout value. Without such a reset, either
> the Apache Timeout value has to be set to a very high number, or else
> slow/large transfers will always fail if a pre-suck is required.
>
> Correcting this requires a simple 1-line patch to ssl_engine_io.c,
> listed below.
>
> --------------------------------------------------------------------------
> diff -Pur mod_ssl-2.8.22-1.3.33.orig/pkg.sslmod/ssl_engine_io.c
> mod_ssl-2.8.22-1.3.33/pkg.sslmod/ssl_engine_io.c
> --- mod_ssl-2.8.22-1.3.33.orig/pkg.sslmod/ssl_engine_io.c       Sat
> Jul 17 02:52:22 2004
> +++ mod_ssl-2.8.22-1.3.33/pkg.sslmod/ssl_engine_io.c    Mon Jun 27
> 12:32:10 2005
> @@ -228,6 +228,7 @@
> ~             while ((len = ap_get_client_block(r, buf, buflen)) > 0) {
> ~                 ssl_io_suck_record(r, buf, len);
> ~                 sucked += len;
> +                ap_reset_timeout(r);
> ~             }
> ~             ssl_io_suck_end(r);
> ~             ap_kill_timeout(r);
> --------------------------------------------------------------------------

Ok, finally taken over for inclusion into mod_ssl 2.8.23.
Thanks for your feedback.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to