Tomcat + HttpClient + SSL + tcnative-1.dll issues?

["Jim Brikman (ybrikman)" <yb...@cisco.com>]

Are there any known issues when using the Apache HttpClient to send
https requests to Tomcat running with tcnative-1.dll? Perhaps different
SSL stacks causing issues?
 
The issue we are seeing is duplicate messages: our HttpClient sends just
one copy of the message (an https request), but on the Tomcat side (with
tcnative-1.dll) we are seeing the message twice. This only happens with
https and not http.
 
Jim
 
 	
Yevgeniy (Jim) Brikman
Software Engineer
Voice Technology Group

ybrikman@cisco.com
Phone :978-936-0510
Mobile :617-538-2632



500 Beaver Brook Road
Boxborough, MA 01719
United States
www.cisco.com <http://www.cisco.com/> 

 	
 	

 

Re: Tomcat + HttpClient + SSL + tcnative-1.dll issues?

[Mark Thomas <ma...@apache.org>]

stacjohn wrote:
> Hi Mark, 
> 
> As Jim mentioned, thanks again for the find! We have tested with the latest
> source code and the issue is indeed solved.
Great.

> Do you happen to know when the
> new tcnative-1.dll will be available?
Soon...

> Or is there a mailer I could track or
> an online release schedule? 
It will be announced on the list, the dev list and the Apache wide announce 
list.

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Tomcat + HttpClient + SSL + tcnative-1.dll issues?

[stacjohn <st...@cisco.com>]

Hi Mark, 

As Jim mentioned, thanks again for the find! We have tested with the latest
source code and the issue is indeed solved. Do you happen to know when the
new tcnative-1.dll will be available? Or is there a mailer I could track or
an online release schedule? 

Stacy


Jim Brikman (ybrikman) wrote:
> 
> Good find Mark! It definitely does sound like the issue you linked.
> We'll try building the code ourselves and see if it takes care of the
> issue.
> 
> Thanks,
> Jim 
> 
> -----Original Message-----
> From: Mark Thomas [mailto:markt@apache.org] 
> Sent: Friday, January 04, 2008 5:39 PM
> To: Tomcat Users List
> Subject: Re: Tomcat + HttpClient + SSL + tcnative-1.dll issues?
> 
> JP Beaudry wrote:
>> How do we go about debugging this? Is there any lower level tracing we
> 
>> can enable? Somewhere between the Tomcat access log and a sniffer
> trace?
> 
> This sounds like http://issues.apache.org/bugzilla/show_bug.cgi?id=44087
> 
> A new native release is planned shortly to fix this. In the meantime,
> you could try building from the source and seeing if the issue you are
> seeing is indeed fixed.
> 
> Mark
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
> e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Tomcat-%2B-HttpClient-%2B-SSL-%2B-tcnative-1.dll-issues--tp14587172p14741024.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Tomcat + HttpClient + SSL + tcnative-1.dll issues?

["Jim Brikman (ybrikman)" <yb...@cisco.com>]

Good find Mark! It definitely does sound like the issue you linked.
We'll try building the code ourselves and see if it takes care of the
issue.

Thanks,
Jim 

-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org] 
Sent: Friday, January 04, 2008 5:39 PM
To: Tomcat Users List
Subject: Re: Tomcat + HttpClient + SSL + tcnative-1.dll issues?

JP Beaudry wrote:
> How do we go about debugging this? Is there any lower level tracing we

> can enable? Somewhere between the Tomcat access log and a sniffer
trace?

This sounds like http://issues.apache.org/bugzilla/show_bug.cgi?id=44087

A new native release is planned shortly to fix this. In the meantime,
you could try building from the source and seeing if the issue you are
seeing is indeed fixed.

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat + HttpClient + SSL + tcnative-1.dll issues?

[Mark Thomas <ma...@apache.org>]

JP Beaudry wrote:
> How do we go about debugging this? Is there any lower level tracing we can
> enable? Somewhere between the Tomcat access log and a sniffer trace?

This sounds like http://issues.apache.org/bugzilla/show_bug.cgi?id=44087

A new native release is planned shortly to fix this. In the meantime, you
could try building from the source and seeing if the issue you are seeing
is indeed fixed.

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat + HttpClient + SSL + tcnative-1.dll issues?

[JP Beaudry <jb...@cisco.com>]

We're narrowed down the problem further. It appears that a buffer within the
SSL decoding process is not flushed properly which results in the HTTP
request being sent to the application (Tomcat) twice. Wireshark clearly
shows only one request, while the Tomcat access log shows two. As previously
stated, this does not happen when we remove tcnative and use the built-in
SSL decryption. Nor when plain HTTP is used.

We've also reproduced the problem with Firefox as the HTTPS client, whereas
the original issue was seen with HttpClient from Jakarta Commons
(http://hc.apache.org/httpclient-3.x/). The timing, in the Tomcat access
log, of the redundant request varies a bit based on the client. With
HttpClient, the superfluous request appears when the TCP connection is
reset, which is about 15s after the request was received. With Firefox, the
dup is seen only when a subsequent request is made, as though it removes a
clog.

How do we go about debugging this? Is there any lower level tracing we can
enable? Somewhere between the Tomcat access log and a sniffer trace?

Thanks,
JP



Jim Brikman (ybrikman) wrote:
> 
> Are there any known issues when using the Apache HttpClient to send
> https requests to Tomcat running with tcnative-1.dll? Perhaps different
> SSL stacks causing issues?
>  
> The issue we are seeing is duplicate messages: our HttpClient sends just
> one copy of the message (an https request), but on the Tomcat side (with
> tcnative-1.dll) we are seeing the message twice. This only happens with
> https and not http.
>  
> Jim
>  
>  	
> Yevgeniy (Jim) Brikman
> Software Engineer
> Voice Technology Group
> 
> ybrikman@cisco.com
> Phone :978-936-0510
> Mobile :617-538-2632
> 
> 
> 
> 500 Beaver Brook Road
> Boxborough, MA 01719
> United States
> www.cisco.com <http://www.cisco.com/> 
> 
>  	
>  	
> 
>  
> 
> 

-- 
View this message in context: http://www.nabble.com/Tomcat-%2B-HttpClient-%2B-SSL-%2B-tcnative-1.dll-issues--tp14587172p14623993.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org