HTTPS communication hosed in 1.4.26?

Added by mlcreech about 14 years ago

The fix which is included in 1.4.26 for the DoS attack seems to break HTTPS communication on my installation. I isolated the problem to the one patch at revision r2710 - if I revert that patch, everything works. If I leave it, some HTTPS connections hang, and my syslog contains lines like:

Feb 11 19:58:18 lighttpd[8455]: (connections.c.1698) SSL (error): 5 -1 0 Success

This doesn't happen to every request - the initial page loads fine, and I can get some good data, but large web service requests (which are serviced by a FastCGI backend) hang and eventually time out.

The changes at revision r2710 altered the call to SSL_read(), which now ignores the warning in the OpenSSL docs, so maybe that's related? Has anyone else had issues with HTTPS on Lighttpd 1.4.26? Thanks!

Tested versions:

Lighttpd 1.4.26 (plus a patch for bug #2157)
OpenSSL 1.0.0-beta5
Running on Linux 2.6.31

Firefox 3.5 (Windows and Linux)


Replies (3)

RE: HTTPS communication hosed in 1.4.26? - Added by stbuehler about 14 years ago

SSL_shutdown failed, SSL_get_error returned SSL_ERROR_SYSCALL, but errno == 0 - I think there is something wrong with your ssl lib.

But perhaps you are right, and ssl really wants to have the same read buffer after SSL_ERROR_WANT_READ... but I don't remember bug reports from 1.5 for this.
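
An added example, not part of the thread or of lighttpd's code: a small log triage script that decodes the "SSL (error):" syslog lines quoted above and separates the case discussed here (SSL_ERROR_SYSCALL with errno 0) from SYSCALL failures that carry a real OS error. The field order (SSL_get_error() code, call return value, errno, strerror text) is an assumption inferred from the reply above; every sample line except the first is constructed.

```python
import re
from collections import Counter

# SSL_get_error() result codes as defined in OpenSSL's ssl.h.
SSL_ERROR_NAMES = {
    0: "SSL_ERROR_NONE", 1: "SSL_ERROR_SSL", 2: "SSL_ERROR_WANT_READ",
    3: "SSL_ERROR_WANT_WRITE", 4: "SSL_ERROR_WANT_X509_LOOKUP",
    5: "SSL_ERROR_SYSCALL", 6: "SSL_ERROR_ZERO_RETURN",
}

# Assumed field order: SSL_get_error() code, return value of the SSL call,
# errno, strerror(errno) text.
LINE_RE = re.compile(
    r"lighttpd\[(?P<pid>\d+)\]: \((?P<src>.+?)\.(?P<srcline>\d+)\) "
    r"SSL \(error\): (?P<code>-?\d+) (?P<ret>-?\d+) (?P<errno>-?\d+) (?P<text>.*)$"
)

def parse(line):
    """Return the decoded fields of one 'SSL (error):' line, or None."""
    m = LINE_RE.search(line.rstrip("\n"))
    if m is None:
        return None
    rec = {k: int(m[k]) for k in ("pid", "srcline", "code", "ret", "errno")}
    rec.update(src=m["src"], text=m["text"],
               name=SSL_ERROR_NAMES.get(rec["code"], "UNKNOWN"))
    return rec

def classify(rec):
    """Separate the thread's case (SYSCALL with errno 0) from real OS errors."""
    if rec["name"] != "SSL_ERROR_SYSCALL":
        return rec["name"]
    return "syscall-errno-zero" if rec["errno"] == 0 else "syscall-os-error"

def summarize(lines):
    """Count classified SSL error lines; non-matching lines are skipped."""
    return Counter(classify(r) for r in map(parse, lines) if r is not None)

# First line is the one quoted in the thread; the others are constructed samples.
SAMPLE = [
    "Feb 11 19:58:18 lighttpd[8455]: (connections.c.1698) SSL (error): 5 -1 0 Success",
    "Feb 11 19:58:40 lighttpd[8455]: (connections.c.1698) SSL (error): 5 -1 104 Connection reset by peer",
    "Feb 11 19:58:41 lighttpd[8455]: (connections.c.1698) SSL (error): 5 -1 0 Success",
    "Feb 11 19:59:00 cron[812]: constructed unrelated line",
]

if __name__ == "__main__":
    for kind, count in summarize(SAMPLE).items():
        print(kind, count)
```

Comparing the "syscall-errno-zero" count before and after an OpenSSL or lighttpd upgrade shows whether the message rate changed with the upgrade, independent of whether connections actually hang.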

RE: HTTPS communication hosed in 1.4.26? - Added by mlcreech about 14 years ago

Interesting, maybe there's something wrong with the error returns in openssl 1.0.0-rc5...

Anyway, I found that I still get similar messages in the syslog even after reverting revision r2710 (just not as often), but things work correctly. So it seems like the message may not necessarily be tied to the hanging SSL connections.

I'll keep digging and file a bug report if I can gather some more concrete info, I guess. Thanks, stbuehler.

RE: HTTPS communication hosed in 1.4.26? - Added by Anonymous about 14 years ago

Since I updated to openssl 0.9.8m I have noticed the same error messages in my log. (using lighttpd 1.4.26 with the same patch applied)

But other than this log entry I didn't notice any problem so far. So it seems at least hard to reproduce.
