Hi,
Just wanted to update y'all - I traced down the bottleneck to
mod_specweb99.c. The bottleneck is caused by the POST CAD_GET
transactions. If I eliminate the POST CAD_GET from the SPECweb99 requests,
I don't see any spiky activity - the CPU usage is steady at 100%.
More
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
[SNIP]
Two possibilities:
* the command/Fetch URI is stuck also, or
I don't think the client did any Fetch when apache stopped.
* something died holding the post lock, and it didn't get
automagically cleaned up.
I
-Original Message-
From: Sander Temme [mailto:[EMAIL PROTECTED]
[SNIP]
There's one more thing I noticed (might be specific to
HP-UX) : I saw more
errors with keepalive ON rather than when it was OFF.
I think you may be looking at a problem where server and client(s) are
messing with
Hi,
I'm trying to run the SPECweb99 against Apache (on a 1-way box).
I noticed that if I start one server process with a large number of threads
(1000), the server goes into a heavily sleep state (with around 80 % idle
time).
A first guess is that I'm using SysV semaphores, and a semlock
-Original Message-
From: Cliff Woolley [mailto:[EMAIL PROTECTED]
[SNIP]
On Wed, 3 Dec 2003, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
instead of having the worker threads compete for the
incoming connections
(using ap_queue_pop .. and hence mutex_lock), assign the
connection
To: [EMAIL PROTECTED]
Subject: Re: Regarding worker MPM and queue_push/pop
On Dec 4, 2003, at 9:18 AM, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
wrote:
-Original Message-
From: Cliff Woolley [mailto:[EMAIL PROTECTED]
[SNIP]
On Wed, 3 Dec 2003, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1
-Original Message-
From: Bill Stoddard [mailto:[EMAIL PROTECTED]
[SNIP]
Are you using CGI scripts? (an aside... if so better be
using mod_cgid rather than mod_cgi with worker). Jeff may
have already pointed out to you a feature in the
AIX that would keep threads hanging around an
-Original Message-
From: Jeff Trawick [mailto:[EMAIL PROTECTED]
[SNIP]
While researching the AIX issue affecting mod_cgid, in which
kill() would not
report that a process was gone until up to 1 second after it
exited*, I
constructed a test program to expose the delay without using
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
[SNIP]
I'm glad you're making progress. But I'm wondering why
raising the mod_cgid
Listen backlog was so important. If 100 mod_cgid connections
wasn't enough at
some point, either the workload is spikey or the
+0x490 ()
from /usr/lib/hpux64/libpthread.so.1
Any ideas ?
-Madhu
-Original Message-
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 9:07 AM
To: 'dev@httpd.apache.org'; [EMAIL PROTECTED]
Subject: RE: Regarding Apache 2.0.48
.. added a snipped of the cgi.log that I got after that daemon exited.
-Madhu
-Original Message-
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) [mailto:[EMAIL PROTECTED]
Sent: Friday, November 21, 2003 11:06 AM
To: '[EMAIL PROTECTED]'
Cc: dev@httpd.apache.org
Subject: RE: Regarding
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
[SNIP]
cgid should _never_ exit without something in the error log.
That makes it
sound like a core problem, i.e. ap_process_child_status() or a
signal handler is
fubar, in addition to whatever made the cgi daemon
.. added a snipped of the cgi.log that I got after that daemon exited.
-Madhu
-Original Message-
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) [mailto:[EMAIL PROTECTED]
Sent: Friday, November 21, 2003 11:06 AM
To: '[EMAIL PROTECTED]'
Cc: [EMAIL PROTECTED]
Subject: RE: Regarding Apache
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Regarding Apache 2.0.48 and specweb99
MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
Hi Greg,
The recent set of discussions prompted me to get some
Apache numbers
out there - and when I started with the SPECweb99 run, I
Oh.. BTW I hope you're also using worker MPM .
-Madhu
-Original Message-
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) [mailto:[EMAIL PROTECTED]
Sent: Friday, November 21, 2003 2:58 PM
To: '[EMAIL PROTECTED]'
Cc: [EMAIL PROTECTED]
Subject: RE: Regarding Apache 2.0.48 and specweb99
-Original Message-
From: Matthieu Estrade [mailto:[EMAIL PROTECTED]
[SNIP]
But when you give feedback, review code, and post patch and nothing
happen then... It's not easy to continue this way =)
Maybe my feedback and mails aren't good, so in this case i understand
more... but with no
Disclaimer : Not targetting any one individual
I have a question to the people have lots of time to write such long mails
and responses - why can't you instead spend that time to review patches and
give feedback ?
It sure will improve the life of httpd-dev.
Thanks
-Madhu
-Original
Is this a bug or what ?. Why do we have SAX/DOM/XML related bugs being sent
out the [EMAIL PROTECTED] ?.
-Madhu
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 28, 2003 7:22 AM
To: [EMAIL PROTECTED]
Subject: Bug report for Apache httpd-2.0
Hello,
I've been running into strange problems while using mod_cgi /
mod_cgid. Any ideas what might be happening ?.
CASE 1: mod_cgi hangs but works with mod_cgid
#!/bin/sh
echo Content-type: text/html\n\n htmlbody
/usr/sbin/ping SOME_HOST_YOU_CAN_PING -n 5
echo /body/html
CASE 2:
Hi,
When I tried to patch 2.0.47 with the mod_cgid restart patch, I got
several SEGV's while running the Apache Perl-framework tests.. The error (I
believe) is because of the way in which the memory for procnew data
structure is allocated in cgid_init().
As I understand, the
FYI...
-Madhu
-Original Message-
From: Sander Striker [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 23, 2003 2:05 PM
To: [EMAIL PROTECTED]
Subject: RE: Apache 2.1 Alpha Release
From: Aaron Bannert [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 23, 2003 10:40 PM
If making a
Please disregard. I intended to send to a collegue of mine.
-Madhu
-Original Message-
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 24, 2003 11:20 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Apache 2.1 Alpha Release
FYI...
-Madhu
Hi,
Question : Why do we define regoff_t as typedef int regoff_t in
srclib/pcre/pcreposix.h ? I expected it to be a 'size_t' instead.
-Madhu
, June 23, 2003, at 10:32 AM, MATHIHALLI,MADHUSUDAN
(HP-Cupertino,ex1) wrote:
It'll be nice if somebody can please review the patch and give me the
feedback..
I think that the below should wait until after 1.3.28.
Hi Peter,
When you do a tusc, do you see the process looping on 'sendfile' ?.
If 'yes', I believe it's a transport layer bug (and we need some system
information), and I've been trying to duplicate it for the last couple of
months, without any success. It'll be nice if I can get access to
It'll be nice if somebody can please review the patch and give me the
feedback..
Thanks
-Madhu
-Original Message-
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) [mailto:[EMAIL PROTECTED]
Sent: Friday, June 20, 2003 12:02 PM
To: '[EMAIL PROTECTED]'
Subject: Apache 1.3.x - Problem
-Original Message-
From: Justin Erenkrantz [mailto:[EMAIL PROTECTED]
[SNIP]
On this same tangent, do we need to be doing all of the CRYPTO_lock
stuff?
I don't believe we are doing that. And, I know in flood, we had lots of
problems until we called them. So, I think mod_ssl should be
Rahul,
If you have any HP Apache specific bug reports / questions, can you
please send a mail to me (instead of sending mails to [EMAIL PROTECTED]) ?.
I'll try and help you to resolve the problem at the earliest (or find you
someone to address the problem).
Thanks
-Madhu
-Original
Hi,
I'm running the litmus test for WebDAV (with Apache 2.0.46), and
seeing a strange behaviour. The tests pass for 64-bit (PA-RISC arch., OS Ver
11.23 / 11.11), 64-bit (IA64 arch., OS Ver 11.22), but dumps core on 64-bit
(IA64 OS Ver 11.23). (The same tests were passing with 2.0.45)
Any
,
@@ -2080,7 +2080,7 @@
}
-static const dav_hooks_liveprop dav_hooks_liveprop_fs =
+static dav_hooks_liveprop dav_hooks_liveprop_fs =
{
dav_fs_insert_prop,
dav_fs_is_writable,
Thanks
-Madhu
-Original Message-
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) [mailto:[EMAIL PROTECTED
PROTECTED]
Sent: Tuesday, June 10, 2003 5:06 PM
To: [EMAIL PROTECTED]
Subject: Re: Help with DAV SEGV
Those structures should remain 'const'. Please don't apply this patch.
Thanks,
-g
On Tue, Jun 10, 2003 at 07:33:27PM -0400,
MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
I think we've identified
+1
(BTW, do ppl have objections to have BIND_VERBOSE option for shl_load in
httpd-2.0/apr side. I was planning to introduce it, as it helps a lot to
debug unresolved symbols)
-Madhu
-Original Message-
From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 28, 2003
The following perl-framework seem to be failing for me. Anybody else with
similar problem ?.
modules/deflate.1..3
testing default
not ok 1
# Failed test 1 in modules/deflate.t at line 36
not ok 2
# Failed test 2 in modules/deflate.t at line 36 fail #2
not ok 3
# Failed test 3 in
Is there any way of telling libtool to NOT use gcc/cc for linking. Instead,
use ld ?. libtool 1.4.3 seems to have problems on HP-UX. When I use 1.4,
everything seems to work just fine.
--Madhu
-Original Message-
From: Thom May [mailto:[EMAIL PROTECTED]
Sent: Monday, March 31, 2003 1:00
This is probably the cause.
[If strnicmp is available on a platform, but strncasecmp is not, then it's
#defined in apr_general.h]
--Madhu
Index: mod_auth_ldap.c
===
RCS file:
Hi,
I keep getting the following message. Any ideas ?.
/home/madhum/httpd-2.0/srclib/apr/libtool[362]: od: not found.
--Madhu
Oh. forget it. My path was configured wrongly :(.
--Madhu
-Original Message-
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 2:14 PM
To: '[EMAIL PROTECTED]'
Subject: WROWE_2_0_45_RC1: od not found
Hi,
I keep getting
+1 on removing shmht
- It is more complicated, doesn't provide any more features/performance than
shmcb and has been having problems ('cause it was not completely developed).
+1 on removing from the 2.0
- not working/buggy code causes more user confusions/frustration, so it's
best removed ASAP
-
Huh !!.. I've tried building using OpenSSL 0.9.7 (and 0.9.6i,g,h,e,b).. I
guess there's some problem with the configure [not able to recognize OpenSSL
vs SSL-C, and hence not defining the -DHAVE_OPENSSL flag].
Since my knowledge of building on windows is limited, can you please try the
following
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
[snip]
Visual C++ 6.0 compiler so I never run buildconf :-(
Well, basically, the configure script has to be re-generated. I don't know
how it's to be done without running buildconf.
Win32 experts, can you please help
-Original Message-
From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]
Yes - all the way back. They provided patches for the older versions,
but RSA seems to be less and less enthusiastic about patching the
ancient 2001 and prior releases, e.g 1.2/1.3.
:) Yup. I had a similar
-Original Message-
From: Justin Erenkrantz [mailto:[EMAIL PROTECTED]
Also, when you commit, please just toss the old macro. There is zero
sense in
keeping the cruft around. -- justin
Sure.. will do.
P.S. Madhu, *please*, *please*, *please* use unified diffs in the future.
Hi,
On a lighter note :).. I would think Move entries to the
current... would be more appropriate than Remove ..
-Madhu
$ head -3 CHANGES
Changes with Apache 2.1.0-dev
[Remove entries to the current 2.0 section below, when backported]
I tried the patch, and it seemed to work fine for me (and it's more cleaner
than what we have today).
- I don't know how SSL-C will be broken with this patch
- Anybody out there using SSL-C ?
- I have a patch to get SSL-C to work with mod_ssl.. I'll have to dust it
out, before posting the patch.
-Original Message-
From: Geoff Thorpe [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 12, 2003 2:38 PM
To: [EMAIL PROTECTED]
Cc: Madhusudan Mathihalli
Subject: Re: [PATCH] openssl configuration (v2)
Hi Madhu,
Thanks for giving the latest incarnation a review.
* MATHIHALLI,MADHUSUDAN (HP
unaware of it]
-Madhu
-Original Message-
From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 12, 2003 9:03 PM
To: [EMAIL PROTECTED]
Cc: 'Geoff Thorpe'; [EMAIL PROTECTED]; MATHIHALLI,MADHUSUDAN
(HP-Cupertino,ex1)
Subject: RE: [PATCH] openssl configuration (v2)
Madhu, I
Hi,
I was trying to debug the shmht caching, and got the following SEGV. Thr
problem was also pointed out in
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17864..
I've attached a patch, to fix the problem.
(With this patch, we'll be in sync with the ssl_util_table.c from mod_ssl
for
-Original Message-
From: Geoff Thorpe [mailto:[EMAIL PROTECTED]
[SNIP]
The current version checks are
implemented in a cock-eyed fashion and are also out of date (0.9.6e used
to be a meaningful cut-off point, but that has changed more recently).
I agree that the current check is
I haven't gone through the entire stuff, but some quick questions, based on
your patch :
1. I thought we should not be enforcing openssl version number checks
(something like - openssl version SHOULD be 0.9.6i) - mainly because ppl.
can apply patches to their previous versions of OpenSSL, and
Cool.. (although I haven't tested it,) +1 for the idea.
-Madhu
-Original Message-
From: Jim Jagielski [mailto:[EMAIL PROTECTED]
Sent: Saturday, February 22, 2003 8:51 AM
To: [EMAIL PROTECTED]
Subject: Fix for SSLMutex bogusness
Of course for 2.1, but also for 2.0 as well... Right now,
]
Subject: Re: SPEC / mod_specweb99.c
MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
Hi,
Does anybody know if the mod_specweb99.c been 'blessed'
by the SPEC
committee ?..I mean, have they acknowledged that the module
acts in a SPEC
compliant manner?
No, they have not blessed it.
I had
-Original Message-
From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]]
inl happens to be a 'int' type, and apr_size_t is a 'long'..
I patterned brigade_consume after brigade_read. Personally,
I'd like to see
inl become apr_size_t, v.s. the alternative.
It's trying to ensure that
).
Except that, I never encountered any other problem...
Thanks for any help you can find !
Thomas.
-Message d'origine-
De : MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
[mailto:[EMAIL PROTECTED]]
Envoyé : mercredi 12 février 2003 19:27
À : '[EMAIL PROTECTED]'
Objet : RE: Problem with SSL in 64
I have been having problems with shmht (haven't looked into it for ages). Do
you get the same problem even with shmcb ?.
-Madhu
-Original Message-
From: Adam Sussman [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 3:48 PM
To: [EMAIL PROTECTED]
Subject: Seg Fault on first SSL
Title: Problem with SSL in 64 bit build on Solaris
Question : Did you run into any problems when
you used Apache (not 2.0.44) + OpenSSL in 64-bit mode
earlier ?
I'm asking this because I remember having run into a
64-bit porting issue with OpenSSL (long time back, on HP-UX) - like a file
Cool..
Can you please post the patch to the list, so that ppl can review the code,
and give their comments.
-Madhu
-Original Message-
From: Maik Mueller [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 11, 2003 11:26 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
I agree with Noah.. Moreover, we've removed the BIND_NOSTART from our
version (both 1.3 and 2.x), and not had any problems so far.
As regards enabling dlopen instead of shl_load, I think you can do it using
a engineered config.cache file, and then giving it to configure..
-Madhu
-Original
Ah.. I think I know why I did not see the problem.. On hp-ux, perl 5.8.0
comes inbuilt with Net::SSLeay, and any Net::SSL is satisfied by the
Net:SSLeay rather than from Crypt::SSLeay.. Net::SSLeay doesn't have this
problem of not initializing the library.
-Madhu
-Original Message-
From:
Hi,
+1 for the patch.
We've been using BIND_VERBOSE in our code, and has not created a problem
till now. The shl_load looks like :
dso.c:122:shl_t os_handle = shl_load(path, BIND_IMMEDIATE|BIND_VERBOSE,
0L);
Here are my notes for building apache when using C++ modules :
1. Use
Hi,
I was thinking of putting the following in the README.platforms..
Any comments ?.
Thanks
-Madhu
$ cvs diff README.platforms
Index: README.platforms
===
RCS file: /home/cvspublic/httpd-2.0/README.platforms,v
retrieving
: Re: [PATCH] README.platforms for HPUX /C++ modules
At 02:10 PM 1/30/2003, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
Hi,
I was thinking of putting the following in the
README.platforms..
Any comments ?.
+ (1) Recommended : Use the shl_load to do the module
loading/unloading
I've been using 0.45 with a older version of openssl 0.9.6f - I can try the
latest openssl today..
-Madhu
-Original Message-
From: Cliff Woolley
To: [EMAIL PROTECTED]
Sent: 1/29/03 12:50 AM
Subject: Crypt::SSLeay
Has anybody out there managed to get Crypt::SSLeay to do anything but
I just compiled 0.45 with OpenSSL 0.9.7, and the only error that I'm seeing
is :
ssl/varlookupok 27/72# Failed test 28 in
/tmp/madhum.perl_framework/httpd-test/perl-framework/Apache-Test/lib/Apache/
Test.pm at line 46 fail #28
and I'm not seeing any seg fault type messages in the
I had a couple of inputs here : I was talking to our specweb person, and he
had the following views :
1. most modern day os'es cache the files, and not do a disk io for every
single file request. (duh !!.)
2. when doing writes, do a 64M block writes, instead of write to disk every
time.. (Lazy
-Original Message-
From: Bill Stoddard [mailto:[EMAIL PROTECTED]
[snip]
You probably need to mutex updates to your global variable, which will
probably suck out most of your performance gains.
That is correct.. The assumption I had is : timestamp is done once per
request, and since there
Hi,
The following is the tusc output of httpd (2.0.43) + mod_specweb99.c
on HP-UX.. Almost every single request has a gettimeofday system call - is
there any way to avoid it ?. I haven't searched the archives if this
question has already been asked several times - so, please excuse me
time would meet the spec and
be easier than your alternatives...
Dave
- Original Message -
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 23, 2003 4:05 PM
Subject: RE: gettimeofday calls
I don't know if this has been
]
Subject: Re: [PATCH] Style police for mod_specweb99.c
MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
Summary of the patch :
1. convert tabs to spaces
2. try to follow apache styleguide
Overall, a big improvement...thanks much!
nitpicky comments follow:
--- mod_specweb99.c 15 Jan 2003
Yep.. The older logic was initializing the bSkipFirst = FALSE. Although I
haven't tested the fix, the logic seems to be broken b/w r1.69 and r1.70
(unless it was done deliberately)
$ cvs log ssl_engine_init.c
...
revision 1.70
date: 2002/03/28 01:07:20; author: dougm; state: Exp; lines: +52
ah ha.. I've seen this on HP-UX also.. The problem (as Aaron/Pier mentioned)
is because the LD is not gcc aware, and is not (cannot be) intelligent
enuf to link libgcc.a automatically. I was thinking it's a HP-UX specific
problem - looks like it's common to other platforms also :-).
Here's what I
I'd recommend that you link the OpenSSL library statically with mod_ssl (i
mean, use libssl.a and libcrypto.a)..
-Madhu
-Original Message-
From: EMRE KUNT (Ebi Bsk. - Sistem Prog) [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 03, 2003 4:20 AM
To: [EMAIL PROTECTED]
Subject: Need Help
Hi,
I was recently browsing the mod_snmp site, and noticed that there
has been no development of mod_snmp for Apache 2.x. (I know it's not the
correct mailing list for mod_snmp questions).. I was wondering if ppl. are
still using it or are there new/different methods of monitoring the
same on HP-UX also.. This is how it looks :
/* Cross process serialization techniques */
/* #undef USE_FLOCK_SERIALIZE */
#define USE_SYSVSEM_SERIALIZE 1
/* #undef USE_FCNTL_SERIALIZE */
/* #undef USE_PROC_PTHREAD_SERIALIZE */
/* #undef USE_PTHREAD_SERIALIZE */
/* #undef POSIXSEM_IS_GLOBAL */
/*
I started seeing the following errors in the specweb99 run output, when I
use mod_specweb99.c with Apache 2.0.43 and worker MPM. The following patch
seems to get rid of the problem. If you're thinking that it may degrade the
response - I did not find much difference though.
Can somebody please
for using flocks() vs process shared mutexes for HP-UX, and see if
we can get performance difference..
-Madhu
-Original Message-
From: Sander Temme [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 11, 2002 10:17 AM
To: test dev httpd.apache.org; MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1
Is it okay to have something like this in the Apache documentation ?. I mean
- just mention about who wrote mod_ssl, but not something like send all
negative feedback to ...
my 2c,
-Madhu
From : http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html
Please send any postive feedback to Frederick
I couldn't look much into it (because of some other thing that came up), but
the perl-framework gives a failure at :
ssl/httpresponse had protocol HTTP/0.9 (headers not sent?) at
/tmp/madhum.perl_framework/httpd-test/perl-framework/Apache-Test/lib/Apache/
TestRequest.pm line 405.
Oops - sorry about (2). I realized that it *has* to be that way after I hit
the enter button.
-Madhu
-Original Message-
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
Sent: Wednesday, October 30, 2002 7:58 PM
To: '[EMAIL PROTECTED]'
Cc: jeff Trawick; MATHIHALLI,MADHUSUDAN (HP
-Original Message-
From: Justin Erenkrantz [mailto:jerenkrantz;apache.org]
Sent: Wednesday, October 30, 2002 8:52 PM
To: [EMAIL PROTECTED]
Subject: RE: SSL Input Filter bogosity
--On Wednesday, October 30, 2002 7:57 PM -0800 MATHIHALLI,MADHUSUDAN
(HP-Cupertino,ex1) [EMAIL PROTECTED] wrote
-Original Message-
From: Justin Erenkrantz [mailto:jerenkrantz;apache.org]
[snip]
-366,11 +371,11
BIO_bucket_flush(inbio-wbio);
}
-inbio-rc = APR_SUCCESS;
-
+BIO_clear_retry_flags(bio);
+
/* first use data already read from socket if any */
Hi,
Fixes the memory leaks introduced by mod_ssl due to inappropriate
use of SSL_get_peer_certificate() and X509_get_pubkey(). The patch is based
on the following mails in the mod_ssl community.
http://marc.theaimsgroup.com/?l=apache-modsslm=103571508214721w=2
modssl_PEM_read_bio_X509
MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
[EMAIL PROTECTED] writes:
-#define modssl_PEM_read_bio_X509 PEM_read_bio_X509
+#if (SSL_LIBRARY_VERSION 0x00904000)
+#define modssl_PEM_read_bio_X509(b, x, cb, arg)
PEM_read_bio_X509(b, x, cb)
+#else
+#define
source was done by Cliff / Justin / DougM. I do realize that they're
busy with other things also - but then, I've not seen many others doing any
development on the SSL front. So, whom do I approach to solicit any feedback
?.
-Madhu
-Original Message-
From: MATHIHALLI,MADHUSUDAN (HP
Okay here, it comes [complete patch]
Thanks
-Madhu
Index: CHANGES
===
RCS file: /home/cvspublic/httpd-2.0/CHANGES,v
retrieving revision 1.959
diff -u -r1.959 CHANGES
--- CHANGES 24 Oct 2002 15:47:31 - 1.959
+++ CHANGES
Hi Jeff,
Since you're reviewing the other mod_ssl patch, can you pl. review
the following patch also ?..
Thanks
-Madhu
-Original Message-
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
[mailto:madhusudan_mathihalli;hp.com]
Sent: Tuesday, October 22, 2002 11:05 AM
To: '[EMAIL
Based on Nadav Har'El's e-mail on the mod_ssl community
(http://marc.theaimsgroup.com/?l=apache-modsslm=103540998016916w=2),
here's a patch for 2.0's mod_ssl.
-Madhu
Index: ssl_engine_kernel.c
===
RCS file:
Some pieces of the code in ssl_util_ssl.c were not aligned properly - the
following patch makes it more readable.
-Madhu
Index: ssl_util_ssl.c
===
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_util_ssl.c,v
retrieving revision
I thought modssl_PEM_read_bio_X509 should cover the following cases for
OpenSSL API :
#if (SSL_LIBRARY_VERSION 0x00904000)
#define modssl_PEM_read_bio_X509 SOME WAY
#else
#define modssl_PEM_read_bio_X509 OTHER WAY
#endif
The following patch does something similar, and also changes one other
I noticed that there were some places where u_int32_t is being used instead
of apr_uint32_t. Is it purposefully done OR is it one of those Oh, the apr
interface changed stuff ?.
Anyways, I've included a patch that atleast gets the module to compile
against 2.0.43. Pl. let me know if it's okay.
Please tell me if I'm missing something here: when I tried to volunteer to
give apache binaries for HP-UX (around 6 - 8 months ago), I got back a
response that only the committers can produce the binaries.
Is somebody thinking of relaxing this restriction?
-Madhu
-Original Message-
For those interested,
on HP-UX, to get a program written in C to recognize C++ objects, the
c-program has to be linked with :
ON IA64 : -lCsup -lunwind
ON PA-RISC : cpprt0_stub.o, -lcl
$ cat cpprt0_stub.s
.code
; stubs for static constructors in a.out
With the recent vulnerabilities found in OpenSSL, I thought it'd make sense
for Apache to check for OpenSSL 0.9.6e or higher.
-Madhu
$ cvs diff acinclude.m4
Index: acinclude.m4
===
RCS file:
Thanks for pointing it out. I'd missed it completely (mainly because I
thought 0.9.7 is still in beta)
Here's an updated patch which checks specifically for 0.9.6e or
0.9.[7-9]*
$ cvs diff acinclude.m4
Index: acinclude.m4
===
RCS
Em Fri, Aug 09, 2002 at 09:58:03AM -0700, MATHIHALLI,MADHUSUDAN
(HP-Cupertino,ex1) escreveu:
With the recent vulnerabilities found in OpenSSL, I thought it'd make
sense
for Apache to check for OpenSSL 0.9.6e or higher.
And what about patched openssl versions? Given the notorious
binary
-Original Message-
From: Roy T. Fielding [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 09, 2002 3:03 PM
-1. Please revert the change. The purpose of the check is to identify
incompatible APIs, not security holes.
should apache be allowed to be built against a version of OpenSSL that
;
+
/*
* First make sure that no more data is pending in Apache's BUFF,
* because when it's (implicitly) flushed later by the ap_bclose()
---
-Original Message-
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
[mailto
Hi,
I'm not sure whom to approach for this problem - so I'm sending it
to both the mailing lists. Here's a pretty easy way to reproduce the SEGV
that I'm experiencing (on HP-UX 11.0 / 11i)
1. Download OpenSSL 0.9.6e, Apache 1.3.26 and mod_ssl 2.8.10
2. Build and install Apache (ofcourse
'just wondering if this might be helpful in determining the correct
libraries / include path when RSA SSL-C is used as SSL toolkit.
Thanks
-Madhu
Index: acinclude.m4
===
RCS file: /home/cvspublic/httpd-2.0/acinclude.m4,v
retrieving
+1 (if it counts)
-Madhu
-Original Message-
From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 29, 2002 10:43 PM
To: [EMAIL PROTECTED]
Subject: httpd-2.0 STATUS
* Port of mod_ssl to Apache 2.0:
The current porting state is summarized in
Yep. i think it's fixed.. Here's a output from one of the configure command
that I'd run some time back. I'll try it out again and let you know the
results.
checking size of long long... 8
checking for INT64_C... no
checking for INT64_C in stdint.h... (cached) no
checking size of ssize_t... 4
1 - 100 of 181 matches
Mail list logo