Lighttpd

I have a similar issue with a custom resource-constrained device. I have a tiny /tmp that is only 2MB in size but the files I need to upload are all under 10K so that is ok for me. However, I want to handle those cases where a user accidentally picks a 700MB file by mistake.

I tried setting server.max-request-size to 16 (i.e. 16KB) and this works fine as long as the uploaded files are smaller than 2MB. However, once the files get large (e.g. > 2MB) I stop getting a 413 (request too large) error back from the server.

This issue only happens with a HTTPS connection. If I switch over to HTTP, everything works as expected (i.e. I always get a 413 back). However, I need to have this working over HTTPS.

So, I dug a bit deeper and find that SSL_Read() is returning 0 when I try to upload one of these big files. 0 is an error. The error appears to be due to a SSL_ERROR_SYSCALL but errno is reported as zero. When SSL_Read() returns 0, connection_handle_read_ssl() returns -2 to connection_handle_read_state() which causes is_closed to be set to 1. I think this is why the 413 repsonse code never gets sent back to the client.

I dug a bit deeper and see (using wireshark) that I get an encrypted alarm sent back from the server SSL layer. It looks like 0x1a but that does not appear on the Wikipedia page (http://en.wikipedia.org/wiki/Transport_Layer_Security#Alert_protocol) so I don't know how to go about fixing the problem.

Do you have any idea how I can "fix" this issue? I cannot use a bigger device partition as I do not have one available to me, on my resource constrained device.

My testing has been done with v1.4.32 on an x86 PC running Ubunta 13.04. I compiled lighttpd via the usual ./configure; make; make install route. My config is attached. I used Linux google-chrome v29.0.1547.57 for my tests. The same problems happen with Firefox and IE.

OpenSSL 1.0.1c 10 May 2012