Posted to dev@httpd.apache.org by Daniel Ruggeri <dr...@primary.net> on 2018/10/09 11:36:09 UTC

NOTICE: Intent to T&R 2.4.36

Hi, all;
  Barring any major disagreement in the next several hours, I intend to T&R our next version later today or early tomorrow.

Hooray for TLS 1.3!
-- 
Daniel Ruggeri

Re: NOTICE: Intent to T&R 2.4.36

Posted by Yann Ylavic <yl...@gmail.com>.
Hi Daniel,

On Tue, Oct 9, 2018 at 1:36 PM Daniel Ruggeri <dr...@primary.net> wrote:
>
> Barring any major disagreement in the next several hours, I intend to T&R our next version later today or early tomorrow.

Thanks for proposing!

I wish we could include the two mod_ssl fixes (w/ missing votes) for 2.4.36.
Btw, there are accepted backports which are not merged yet.

Regards,
Yann.

Re: NOTICE: Intent to T&R 2.4.36

Posted by Stefan Eissing <st...@greenbytes.de>.
My view: 

Shipping the TLSv1.3 support has risks, but we also need to 
enable people to have the latest in transport security. 

We paid attention to keeping the behaviour with older versions
of openssl unchanged and our test cases confirm that this is the
case - as far or short as they go.

People linking their server (or shipping a distro) with openssl 1.1.1
or the relevant libressl version for TLSv1.3 opt in to share that
risk, consciously.

We can mitigate the risk of such changes with
a) better test suites
b) a broader test community

While no one is prevented from voting on a release candidate, the time
window is too short for some people, I believe. 

My experience with making mod_http2 and mod_md available standalone 
on github is:
- it's a platform for people who make "bleeding-edge" packages available
  to a range of people who like to run on the latest and greatest.
- it broadens the test base considerably
- it simplifies testing of fixes
- it simplifies analysis of bug reports against our 2.4.x releases as
  issues are often reported more than once and I can point people to
  the github release for checking their bug against fixes already made.

The httpd project is, right now, not offering this. People can check out
2.4.x, sure, but fixes often trickle only in just before a release. Also,
the 2.4.x branch is not intended for testing a "hopeful" fix. And testing
the dev branch is not the same either.

So, it seems to me, as we are missing a 2.4.x-candy branch that is CTR
and where from RTC merges with votes are done to 2.4.x. From 2.4.x-candy
we could tag "release-candidates" and provide our usual tar balls in 
a pretty automated way. They'd have no CVE relevant changes and need no
big announcements. I imagine Daniel's scripts can make them easily.

For 2.4.36 it would have meant that we'd had people testing TLSv1.3 for
weeks now, in much broader settings. And it would not have cost us much.

Cheers,

Stefan

> Am 10.10.2018 um 22:45 schrieb Gregg Smith <gl...@gknw.net>:
> 
> FWIW, I've been running 2.4.36-dev at revision 1841586 for 19 days 35 minutes as of this writing and I've seen no problems up to this point. Granted I only get a few thousand hits a day and not millions but so far so good. Haven't had many tls/1.3 but I would assume that's to be expected for another week or two until Chrome 70 and Firefox 63 come out.
> 
> Now off to build .36
> 
> On 10/10/2018 1:29 PM, William A Rowe Jr wrote:
>> On Wed, Oct 10, 2018, 14:53 Mark Blackman <ma...@exonetric.com> wrote:
>>> 
>>> Does the TLSv1.3 support need to be production ready?
>>> 
>>> TLSv1.3 is presumably an opt-in feature and as long as it doesn’t endanger
>>> existing behaviours, I would have assumed it’s relatively safe to release
>>> with caveats in the docs.
>>> Of course, once there’s more take-up of TLSv1.3, then the test suite needs
>>> to be useful. Getting real-world feedback about something completely new
>>> that doesn’t endanger existing behaviours outside of TLSv1.3 is probably
>>> worthwhile.
>>> 
>> Were it so easy...
>> It turns out httpd through 2.4.35 remain incompatible with changes to
>> openssl 1.1.1. This was disappointing from this project's perspective, the
>> issues are tracked on openssl project GitHub tickets.
>> If everything is good about this candidate, it should build and run against
>> 1.1.0, or 1.1.1, whether or not TLS 1.3 is enabled or avoided.
>> Ben Laurie last decade tried to address this with mod_tls, but mod_ssl
>> remains deeply tied to the internal behavior of libssl and libcrypto, to a
>> degree that it is effectively impossible to drop in 1.1.1 due to mechanical
>> changes in the protocol.
>> Dropping httpd 2.4.any into openssl 1.1.1 is a mess that several committers
>> have applied a great deal of attention to. We've undergone the same
>> problems with 1.1.0, 1.0.1, 1.0.0 and 0.9.8, so this didn't come as a
>> surprise.


Re: NOTICE: Intent to T&R 2.4.36

Posted by Gregg Smith <gl...@gknw.net>.
FWIW, I've been running 2.4.36-dev at revision 1841586 for 19 days 35 
minutes as of this writing and I've seen no problems up to this point. 
Granted I only get a few thousand hits a day and not millions but so far 
so good. Haven't had many tls/1.3 but I would assume that's to be 
expected for another week or two until Chrome 70 and Firefox 63 come out.

Now off to build .36

On 10/10/2018 1:29 PM, William A Rowe Jr wrote:
> On Wed, Oct 10, 2018, 14:53 Mark Blackman <ma...@exonetric.com> wrote:
> 
>>
>> Does the TLSv1.3 support need to be production ready?
>>
>> TLSv1.3 is presumably an opt-in feature and as long as it doesn’t endanger
>> existing behaviours, I would have assumed it’s relatively safe to release
>> with caveats in the docs.
>> Of course, once there’s more take-up of TLSv1.3, then the test suite needs
>> to be useful. Getting real-world feedback about something completely new
>> that doesn’t endanger existing behaviours outside of TLSv1.3 is probably
>> worthwhile.
>>
> 
> Were it so easy...
> 
> It turns out httpd through 2.4.35 remain incompatible with changes to
> openssl 1.1.1. This was disappointing from this project's perspective, the
> issues are tracked on openssl project GitHub tickets.
> 
> If everything is good about this candidate, it should build and run against
> 1.1.0, or 1.1.1, whether or not TLS 1.3 is enabled or avoided.
> 
> Ben Laurie last decade tried to address this with mod_tls, but mod_ssl
> remains deeply tied to the internal behavior of libssl and libcrypto, to a
> degree that it is effectively impossible to drop in 1.1.1 due to mechanical
> changes in the protocol.
> 
> Dropping httpd 2.4.any into openssl 1.1.1 is a mess that several committers
> have applied a great deal of attention to. We've undergone the same
> problems with 1.1.0, 1.0.1, 1.0.0 and 0.9.8, so this didn't come as a
> surprise.
> 

Re: NOTICE: Intent to T&R 2.4.36

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Wed, Oct 10, 2018, 14:53 Mark Blackman <ma...@exonetric.com> wrote:

>
> Does the TLSv1.3 support need to be production ready?
>
> TLSv1.3 is presumably an opt-in feature and as long as it doesn’t endanger
> existing behaviours, I would have assumed it’s relatively safe to release
> with caveats in the docs.
> Of course, once there’s more take-up of TLSv1.3, then the test suite needs
> to be useful. Getting real-world feedback about something completely new
> that doesn’t endanger existing behaviours outside of TLSv1.3 is probably
> worthwhile.
>

Were it so easy...

It turns out httpd through 2.4.35 remain incompatible with changes to
openssl 1.1.1. This was disappointing from this project's perspective, the
issues are tracked on openssl project GitHub tickets.

If everything is good about this candidate, it should build and run against
1.1.0, or 1.1.1, whether or not TLS 1.3 is enabled or avoided.

Ben Laurie last decade tried to address this with mod_tls, but mod_ssl
remains deeply tied to the internal behavior of libssl and libcrypto, to a
degree that it is effectively impossible to drop in 1.1.1 due to mechanical
changes in the protocol.

Dropping httpd 2.4.any into openssl 1.1.1 is a mess that several committers
have applied a great deal of attention to. We've undergone the same
problems with 1.1.0, 1.0.1, 1.0.0 and 0.9.8, so this didn't come as a
surprise.

Re: NOTICE: Intent to T&R 2.4.36

Posted by Mark Blackman <ma...@exonetric.com>.

> On 10 Oct 2018, at 21:04, Jim Jagielski <ji...@jaguNET.com> wrote:
> 
>> 
>> Does the TLSv1.3 support need to be production ready?
>> 
>> TLSv1.3 is presumably an opt-in feature and as long as it doesn’t endanger existing behaviours, I would have assumed it’s relatively safe to release with caveats in the docs. 
>> Of course, once there’s more take-up of TLSv1.3, then the test suite needs to be useful. Getting real-world feedback about something completely new that doesn’t endanger existing behaviours outside of TLSv1.3 is probably worthwhile.
> 
> The issue is that such a major feature enhancement touches a lot of code. That can cause regressions.
> 
> Sometimes, some people try to reduce and restrict development and new features using that as an argument. I, and numerous others, have consistently disagreed with that as a convincing argument against adding stuff to 2.4.x. In this particular situation, the "usual suspect(s)" were actually very gung-ho on release, despite this being the exact kind of situation they would normally balk against. I was noting the discrepancy and wondering the reasoning…

Fair enough, I hadn’t checked to see how invasive the change was. I had assumed a lot of "#ifdef TLSV13" protecting current behaviours.

- Mark

Re: NOTICE: Intent to T&R 2.4.36

Posted by Jim Jagielski <ji...@jaguNET.com>.
> 
> Does the TLSv1.3 support need to be production ready?
> 
> TLSv1.3 is presumably an opt-in feature and as long as it doesn’t endanger existing behaviours, I would have assumed it’s relatively safe to release with caveats in the docs. 
> Of course, once there’s more take-up of TLSv1.3, then the test suite needs to be useful. Getting real-world feedback about something completely new that doesn’t endanger existing behaviours outside of TLSv1.3 is probably worthwhile.

The issue is that such a major feature enhancement touches a lot of code. That can cause regressions.

Sometimes, some people try to reduce and restrict development and new features using that as an argument. I, and numerous others, have consistently disagreed with that as a convincing argument against adding stuff to 2.4.x. In this particular situation, the "usual suspect(s)" were actually very gung-ho on release, despite this being the exact kind of situation they would normally balk against. I was noting the discrepancy and wondering the reasoning...


Re: NOTICE: Intent to T&R 2.4.36

Posted by Mark Blackman <ma...@exonetric.com>.

> On 10 Oct 2018, at 20:28, Jim Jagielski <ji...@jaguNET.com> wrote:
> 
> 
> 
>> On Oct 10, 2018, at 3:01 PM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
>> 
>> On Wed, Oct 10, 2018 at 1:45 PM Jim Jagielski <jim@jagunet.com> wrote:
>> I thought the whole intent for a quick 2.4.36 was for TLSv1.3 support.
>> 
>> If that's not ready for prime time, then why a release??
>> 
>> AIUI, it isn't that httpd isn't ready for release, or even httpd-test framework.
>> Until all the upstream CPAN modules behave reasonably with openssl 1.1.1
>> we will continue to see odd test results.
> 
> The question is How Comfortable Are We That TLSv1.3 Support Is Production Ready?
> 
> This release seems very, very rushed to me. It seems strange that for someone who balks against releasing s/w that hasn't been sufficiently tested, or could cause regressions, and that the sole reason for this particular release is TLSv1.3 support which seems insufficiently tested, you are uncharacteristically cool with all this.

Does the TLSv1.3 support need to be production ready?

TLSv1.3 is presumably an opt-in feature and as long as it doesn’t endanger existing behaviours, I would have assumed it’s relatively safe to release with caveats in the docs. 
Of course, once there’s more take-up of TLSv1.3, then the test suite needs to be useful. Getting real-world feedback about something completely new that doesn’t endanger existing behaviours outside of TLSv1.3 is probably worthwhile.

- Mark


Re: NOTICE: Intent to T&R 2.4.36

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Wed, Oct 10, 2018, 14:46 Jim Jagielski <ji...@jagunet.com> wrote:

>
> On Oct 10, 2018, at 3:37 PM, William A Rowe Jr <wr...@rowe-clan.net>
> wrote:
>
> On Wed, Oct 10, 2018, 14:28 Jim Jagielski <ji...@jagunet.com> wrote:
>
>>
>> On Oct 10, 2018, at 3:01 PM, William A Rowe Jr <wr...@rowe-clan.net>
>> wrote:
>>
>> On Wed, Oct 10, 2018 at 1:45 PM Jim Jagielski <ji...@jagunet.com> wrote:
>>
>>> I thought the whole intent for a quick 2.4.36 was for TLSv1.3 support.
>>>
>>> If that's not ready for prime time, then why a release??
>>>
>>
>> AIUI, it isn't that httpd isn't ready for release, or even httpd-test
>> framework.
>> Until all the upstream CPAN modules behave reasonably with openssl 1.1.1
>> we will continue to see odd test results.
>>
>> The question is How Comfortable Are We That TLSv1.3 Support Is Production
>> Ready?
>>
>
"We" answer that question by voting on a release candidate.

>> This release seems very, very rushed to me. It seems strange that for
>> someone who balks against releasing s/w that hasn't been sufficiently
>> tested, or could cause regressions, and that the sole reason for this
>> particular release is TLSv1.3 support which seems insufficiently tested,
>> you are uncharacteristically cool with all this.
>>
>
> You elided the other half of my answer, you might want to read the entire
> comment.
>
> If we can exercise the same discipline with 2.4.37 that we showed with
> 2.4.35, then instead of producing a string of releases with a string of
> regressions, we still come out ahead for all users.
>
>
> You wrote:
>    It was my hope we would push this out as 2.5.1-alpha, as now synced
>    with 2.4.x branch, and let the eager early adopters help us uncover any
>    unforeseen issues. Think we have a handle on, and have addressed
>    the anticipated issues.
>
> So "eager early adopters" are OK with modules *you* wish to push out, even
> if they aren't quite ready, but NOT OK with modules and features others
> want, even if they also agree that they 'have a handle on, and have
> addressed the anticipated issues'
>

Do you actually remember what an -alpha release was? I know we've thrown
all the s&$# against the wall that would stick for the past 8 years,
waiting until it was announced to find out how much would slide back on the
floor.

What I just wrote above is that I think 2.4.36 is premature, but a release
for users to test is not. But since all of our discussions of reversioning
end up as immature as your silly provocation above, I've been done
debating. I haven't said yes or no to 2.4.36, I only started promoting the
idea of 2.5 alpha again, and even had a brief hope you supported the idea,
before you suggested throwing the contents of trunk en masse back into the
maintenance branch 2.4. That's when I checked out of the discussion, no
desire to keep beating my head against that brick wall.

> In other words: would anyone else have suggested adding a major feature
> such as this, with somewhat questionable testing as well as it being the
> sole reason for said release, you would have complained and dismissed such
> explanations as 'eager early adopters' as facetious. I am glad that this is
> no longer the case and you have Seen The Light! As long as we can show an
> attempt at testing, and convince ourselves we have a "handle on" anything
> that might pop up, and addressed any anticipated issues, we can continue
> adding new features as we have been and still come out ahead for all users.
> Again, this is what I and others have been pushing and promoting for years
> so I am again glad that you have finally agreed.
>
> It's the inconsistency that is bothersome.
>

I've stated repeatedly that so long as httpd project members remain split
on offering a security and defect-fix maintenance branch, and in violent
opposition to moving forward with an enhancement 2.next or even 3.0
release, I've checked out from expressing an opinion on the way the project
manages the release branch, or the readiness of that branch, and I'll just
pay attention to trunk, which is interesting to me.

My only recent input was a plea to get out the first regression fix,
security and maintenance release out since 2.4.18 or so (looks that we
succeeded with .35), support for the proposal to start moving on
2.5.1-alpha from trunk, and an absolute insistence that all RMs observe
both the public STATUS as well as our internal security STATUS in preparing
and publicizing releases. Other details aren't worth endless debate threads.

When a 2.4 release is approved, I'm about to propose the same
feature/enhancement freeze for one subversion (so .38 following .37, should
the .36 candidate prove not ready yet) to address newly introduced (yet
undetected) defects, before we return to the is all pattern of chaotic
changes again.

Presenting this as 2.5.1-alpha and leveraging our users@ scrutiny still
makes more sense to me, and if the changes proved non-disruptive, shipping
these as 2.4.x afterwards.

Re: NOTICE: Intent to T&R 2.4.36

Posted by Jim Jagielski <ji...@jaguNET.com>.

> On Oct 10, 2018, at 3:37 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> 
> On Wed, Oct 10, 2018, 14:28 Jim Jagielski <jim@jagunet.com> wrote:
> 
> 
>> On Oct 10, 2018, at 3:01 PM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
>> 
>> On Wed, Oct 10, 2018 at 1:45 PM Jim Jagielski <jim@jagunet.com> wrote:
>> I thought the whole intent for a quick 2.4.36 was for TLSv1.3 support.
>> 
>> If that's not ready for prime time, then why a release??
>> 
>> AIUI, it isn't that httpd isn't ready for release, or even httpd-test framework.
>> Until all the upstream CPAN modules behave reasonably with openssl 1.1.1
>> we will continue to see odd test results.
> 
> The question is How Comfortable Are We That TLSv1.3 Support Is Production Ready?
> 
> This release seems very, very rushed to me. It seems strange that for someone who balks against releasing s/w that hasn't been sufficiently tested, or could cause regressions, and that the sole reason for this particular release is TLSv1.3 support which seems insufficiently tested, you are uncharacteristically cool with all this.
> 
> You elided the other half of my answer, you might want to read the entire comment.
> 
> If we can exercise the same discipline with 2.4.37 that we showed with 2.4.35, then instead of producing a string of releases with a string of regressions, we still come out ahead for all users.

You wrote:
   It was my hope we would push this out as 2.5.1-alpha, as now synced
   with 2.4.x branch, and let the eager early adopters help us uncover any
   unforeseen issues. Think we have a handle on, and have addressed
   the anticipated issues.

So "eager early adopters" are OK with modules *you* wish to push out, even if they aren't quite ready, but NOT OK with modules and features others want, even if they also agree that they 'have a handle on, and have addressed the anticipated issues'

In other words: would anyone else have suggested adding a major feature such as this, with somewhat questionable testing as well as it being the sole reason for said release, you would have complained and dismissed such explanations as 'eager early adopters' as facetious. I am glad that this is no longer the case and you have Seen The Light! As long as we can show an attempt at testing, and convince ourselves we have a "handle on" anything that might pop up, and addressed any anticipated issues, we can continue adding new features as we have been and still come out ahead for all users. Again, this is what I and others have been pushing and promoting for years so I am again glad that you have finally agreed.

It's the inconsistency that is bothersome.

Re: NOTICE: Intent to T&R 2.4.36

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Wed, Oct 10, 2018, 14:28 Jim Jagielski <ji...@jagunet.com> wrote:

>
>
> On Oct 10, 2018, at 3:01 PM, William A Rowe Jr <wr...@rowe-clan.net>
> wrote:
>
> On Wed, Oct 10, 2018 at 1:45 PM Jim Jagielski <ji...@jagunet.com> wrote:
>
>> I thought the whole intent for a quick 2.4.36 was for TLSv1.3 support.
>>
>> If that's not ready for prime time, then why a release??
>>
>
> AIUI, it isn't that httpd isn't ready for release, or even httpd-test
> framework.
> Until all the upstream CPAN modules behave reasonably with openssl 1.1.1
> we will continue to see odd test results.
>
>
> The question is How Comfortable Are We That TLSv1.3 Support Is Production
> Ready?
>
> This release seems very, very rushed to me. It seems strange that for
> someone who balks against releasing s/w that hasn't been sufficiently
> tested, or could cause regressions, and that the sole reason for this
> particular release is TLSv1.3 support which seems insufficiently tested,
> you are uncharacteristically cool with all this.
>

You elided the other half of my answer, you might want to read the entire
comment.

If we can exercise the same discipline with 2.4.37 that we showed with
2.4.35, then instead of producing a string of releases with a string of
regressions, we still come out ahead for all users.

Re: NOTICE: Intent to T&R 2.4.36

Posted by Jim Jagielski <ji...@jaguNET.com>.

> On Oct 10, 2018, at 3:01 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> 
> On Wed, Oct 10, 2018 at 1:45 PM Jim Jagielski <jim@jagunet.com> wrote:
> I thought the whole intent for a quick 2.4.36 was for TLSv1.3 support.
> 
> If that's not ready for prime time, then why a release??
> 
> AIUI, it isn't that httpd isn't ready for release, or even httpd-test framework.
> Until all the upstream CPAN modules behave reasonably with openssl 1.1.1
> we will continue to see odd test results.

The question is How Comfortable Are We That TLSv1.3 Support Is Production Ready?

This release seems very, very rushed to me. It seems strange that for someone who balks against releasing s/w that hasn't been sufficiently tested, or could cause regressions, and that the sole reason for this particular release is TLSv1.3 support which seems insufficiently tested, you are uncharacteristically cool with all this.


Re: NOTICE: Intent to T&R 2.4.36

Posted by Jim Jagielski <ji...@jaguNET.com>.
FWIW, I am NOT proposing that. Nor would I have the right to do so.

> On Oct 10, 2018, at 3:50 PM, Daniel Ruggeri <DR...@primary.net> wrote:
> 
> On 2018-10-10 14:01, William A Rowe Jr wrote:
>> On Wed, Oct 10, 2018 at 1:45 PM Jim Jagielski <ji...@jagunet.com> wrote:
>>> I thought the whole intent for a quick 2.4.36 was for TLSv1.3
>>> support.
>>> If that's not ready for prime time, then why a release??
>> AIUI, it isn't that httpd isn't ready for release, or even httpd-test
>> framework.
>> Until all the upstream CPAN modules behave reasonably with openssl
>> 1.1.1
>> we will continue to see odd test results.
>> It was my hope we would push this out as 2.5.1-alpha, as now synced
>> with 2.4.x branch, and let the eager early adopters help us uncover
>> any
>> unforeseen issues. Think we have a handle on, and have addressed
>> the anticipated issues.
> 
> Right, my understanding is that this is more around the test suite and how it does the testing rather than the project itself. If that's not the case, and httpd itself isn't ready, I'm OK with aborting the release process.
> 
> -- 
> Daniel Ruggeri


Re: NOTICE: Intent to T&R 2.4.36

Posted by Daniel Ruggeri <dr...@primary.net>.
On 2018-10-10 14:01, William A Rowe Jr wrote:
> On Wed, Oct 10, 2018 at 1:45 PM Jim Jagielski <ji...@jagunet.com> wrote:
> 
>> I thought the whole intent for a quick 2.4.36 was for TLSv1.3
>> support.
>> 
>> If that's not ready for prime time, then why a release??
> 
> AIUI, it isn't that httpd isn't ready for release, or even httpd-test
> framework.
> Until all the upstream CPAN modules behave reasonably with openssl
> 1.1.1
> we will continue to see odd test results.
> 
> It was my hope we would push this out as 2.5.1-alpha, as now synced
> with 2.4.x branch, and let the eager early adopters help us uncover
> any
> unforeseen issues. Think we have a handle on, and have addressed
> the anticipated issues.

Right, my understanding is that this is more around the test suite and 
how it does the testing rather than the project itself. If that's not 
the case, and httpd itself isn't ready, I'm OK with aborting the release 
process.

-- 
Daniel Ruggeri

Re: NOTICE: Intent to T&R 2.4.36

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Wed, Oct 10, 2018 at 1:45 PM Jim Jagielski <ji...@jagunet.com> wrote:

> I thought the whole intent for a quick 2.4.36 was for TLSv1.3 support.
>
> If that's not ready for prime time, then why a release??
>

AIUI, it isn't that httpd isn't ready for release, or even httpd-test
framework.
Until all the upstream CPAN modules behave reasonably with openssl 1.1.1
we will continue to see odd test results.

It was my hope we would push this out as 2.5.1-alpha, as now synced
with 2.4.x branch, and let the eager early adopters help us uncover any
unforeseen issues. Think we have a handle on, and have addressed
the anticipated issues.

Re: NOTICE: Intent to T&R 2.4.36

Posted by Jim Jagielski <ji...@jaguNET.com>.
I thought the whole intent for a quick 2.4.36 was for TLSv1.3 support.

If that's not ready for prime time, then why a release??

> On Oct 10, 2018, at 2:11 PM, Daniel Ruggeri <DR...@primary.net> wrote:
> 
> On 2018-10-10 07:30, Joe Orton wrote:
>> On Tue, Oct 09, 2018 at 03:29:49PM -0500, Daniel Ruggeri wrote:
>>> Hi, all;
>>>   I ran through my usual testing routine, this time with OpenSSL 1.1.1, but
>>> found several test failures. In the past, these issues have been isolated to
>>> my environment so I just wanted to drop a line to see if anyone has run the
>>> test suite against 2.4.x lately and can corroborate this result? If not, I
>>> can debug my environment.
>> TLSv1.3 testing is still a mess with OpenSSL 1.1.1, sorry.  I have
>> updated the test suite just now to disable TLSv1.3 testing for most
>> people.  We need updates to Net::SSLeay (the latest upstream has the
>> patch) and IO::Socket::SSL, but the latter is not patched upstream, so I
>> can't make an accurate test for that yet.
>> At worst, forcibly testing with:
>>  ./t/TEST -sslproto 'all -TLSv1.2'
>> should now be possible.
>> (If using an existing check-out of the test suite don't forget to re-run
>> "make" before running ./t/TEST -conf to regenerate the config...)
>> Let me know if that's not made any difference for you.
>> I don't know why t/modules/http2.t is failing but I see that here too.
> 
> Thanks Joe and Bill.
> 
> Yep, when flipping back over to OpenSSL 1.1.0i, everything works A-OK. Even the H2 failure irons itself out. It's a bummer to hear TLS 1.3 testing isn't up to snuff with this being the major feature of the release.
> 
> I also just wiped the environment, recompiled everything from scratch (same versions noted below) and reran the tests with the latest test framework and see that the recent changes to the framework leave only the failing h2 test (which doesn't happen w/ 1.1.0i). So... I think it was indeed localized to the test framework.
> 
> I'm also happy to see the H2 EOS fix in, too!
> 
> So... I think I'm content with the results and am ready to T&R!
> 
>> Regards, Joe
>>> Test Summary Report
>>> -------------------
>>> t/modules/http2.t                 (Wstat: 0 Tests: 24 Failed: 0)
>>>  Parse errors: Bad plan.  You planned 52 tests but ran 24.
>>> t/security/CVE-2009-3555.t        (Wstat: 0 Tests: 4 Failed: 2)
>>>  Failed tests:  3-4
>>> t/ssl/basicauth.t                 (Wstat: 0 Tests: 4 Failed: 2)
>>>  Failed tests:  2-3
>>> t/ssl/env.t                       (Wstat: 0 Tests: 30 Failed: 15)
>>>  Failed tests:  16-30
>>> t/ssl/extlookup.t                 (Wstat: 0 Tests: 4 Failed: 4)
>>>  Failed tests:  1-4
>>> t/ssl/fakeauth.t                  (Wstat: 0 Tests: 3 Failed: 2)
>>>  Failed tests:  2-3
>>> t/ssl/ocsp.t                      (Wstat: 0 Tests: 3 Failed: 1)
>>>  Failed test:  3
>>> t/ssl/require.t                   (Wstat: 0 Tests: 10 Failed: 3)
>>>  Failed tests:  2, 5, 9
>>> t/ssl/varlookup.t                 (Wstat: 0 Tests: 83 Failed: 83)
>>>  Failed tests:  1-83
>>> t/ssl/verify.t                    (Wstat: 0 Tests: 3 Failed: 1)
>>>  Failed test:  2
>>> Files=186, Tests=8857, 101 wallclock secs ( 1.86 usr  0.28 sys + 48.46 cusr
>>> 11.08 csys = 61.68 CPU)
>>> Versions at play were:
>>> system:
>>>  kernel:
>>>    name: Linux
>>>    release: 3.16.0-4-amd64
>>>    version: #1 SMP Debian 3.16.51-3 (2017-12-13)
>>>    machine: x86_64
>>>  libraries:
>>>    openssl: "1.1.1"
>>>    openldap: "2.4.46"
>>>    apr: "1.6.5"
>>>    apr-util: "1.6.1"
>>>    iconv: "1.2.2"
>>>    brotli: "1.0.6"
>>>    nghttp2: "1.34.0"
>>>    zlib: "1.2.11"
>>>    pcre: "8.42"
>>>    libxml2: "2.9.8"
>>>    php: "5.6.38"
>>>    lua: "5.3.5"
>>>    curl: "7.61.1"
>>> Anything look obviously crazy/wrong?
>>> --
>>> Daniel Ruggeri
>>> On 2018-10-09 06:36, Daniel Ruggeri wrote:
>>> > Hi, all;
>>> >  Barring any major disagreement in the next several hours, I intend to
>>> > T&R our next version later today or early tomorrow.
>>> >
>>> > Hooray for TLS 1.3!
>>> > --
>>> > Daniel Ruggeri
> 
> -- 
> Daniel Ruggeri


Re: NOTICE: Intent to T&R 2.4.36

Posted by Daniel Ruggeri <dr...@primary.net>.
On 2018-10-10 07:30, Joe Orton wrote:
> On Tue, Oct 09, 2018 at 03:29:49PM -0500, Daniel Ruggeri wrote:
>> Hi, all;
>>    I ran through my usual testing routine, this time with OpenSSL 
>> 1.1.1, but
>> found several test failures. In the past, these issues have been 
>> isolated to
>> my environment so I just wanted to drop a line to see if anyone has 
>> run the
>> test suite against 2.4.x lately and can corroborate this result? If 
>> not, I
>> can debug my environment.
> 
> TLSv1.3 testing is still a mess with OpenSSL 1.1.1, sorry.  I have
> updated the test suite just now to disable TLSv1.3 testing for most
> people.  We need updates to Net::SSLeay (the latest upstream has the
> patch) and IO::Socket::SSL, but the latter is not patched upstream, so 
> I
> can't make an accurate test for that yet.
> 
> At worst, forcibly testing with:
> 
>   ./t/TEST -sslproto 'all -TLSv1.2'
> 
> should now be possible.
> 
> (If using an existing check-out of the test suite don't forget to 
> re-run
> "make" before running ./t/TEST -conf to regenerate the config...)
> 
> Let me know if that's not made any difference for you.
> 
> I don't know why t/modules/http2.t is failing but I see that here too.

Thanks Joe and Bill.

Yep, when flipping back over to OpenSSL 1.1.0i, everything works A-OK. 
Even the H2 failure irons itself out. It's a bummer to hear TLS 1.3 
testing isn't up to snuff with this being the major feature of the 
release.

I also just wiped the environment, recompiled everything from scratch 
(same versions noted below) and reran the tests with the latest test 
framework and see that the recent changes to the framework leave only 
the failing h2 test (which doesn't happen w/ 1.1.0i). So... I think it 
was indeed localized to the test framework.

I'm also happy to see the H2 EOS fix in, too!

So... I think I'm content with the results and am ready to T&R!

> 
> Regards, Joe
> 
> 
>> 
>> Test Summary Report
>> -------------------
>> t/modules/http2.t                 (Wstat: 0 Tests: 24 Failed: 0)
>>   Parse errors: Bad plan.  You planned 52 tests but ran 24.
>> t/security/CVE-2009-3555.t        (Wstat: 0 Tests: 4 Failed: 2)
>>   Failed tests:  3-4
>> t/ssl/basicauth.t                 (Wstat: 0 Tests: 4 Failed: 2)
>>   Failed tests:  2-3
>> t/ssl/env.t                       (Wstat: 0 Tests: 30 Failed: 15)
>>   Failed tests:  16-30
>> t/ssl/extlookup.t                 (Wstat: 0 Tests: 4 Failed: 4)
>>   Failed tests:  1-4
>> t/ssl/fakeauth.t                  (Wstat: 0 Tests: 3 Failed: 2)
>>   Failed tests:  2-3
>> t/ssl/ocsp.t                      (Wstat: 0 Tests: 3 Failed: 1)
>>   Failed test:  3
>> t/ssl/require.t                   (Wstat: 0 Tests: 10 Failed: 3)
>>   Failed tests:  2, 5, 9
>> t/ssl/varlookup.t                 (Wstat: 0 Tests: 83 Failed: 83)
>>   Failed tests:  1-83
>> t/ssl/verify.t                    (Wstat: 0 Tests: 3 Failed: 1)
>>   Failed test:  2
>> Files=186, Tests=8857, 101 wallclock secs ( 1.86 usr  0.28 sys + 48.46 cusr 11.08 csys = 61.68 CPU)
>> 
>> 
>> Versions at play were:
>> system:
>>   kernel:
>>     name: Linux
>>     release: 3.16.0-4-amd64
>>     version: #1 SMP Debian 3.16.51-3 (2017-12-13)
>>     machine: x86_64
>> 
>>   libraries:
>>     openssl: "1.1.1"
>>     openldap: "2.4.46"
>>     apr: "1.6.5"
>>     apr-util: "1.6.1"
>>     iconv: "1.2.2"
>>     brotli: "1.0.6"
>>     nghttp2: "1.34.0"
>>     zlib: "1.2.11"
>>     pcre: "8.42"
>>     libxml2: "2.9.8"
>>     php: "5.6.38"
>>     lua: "5.3.5"
>>     curl: "7.61.1"
>> 
>> 
>> Anything look obviously crazy/wrong?
>> 
>> --
>> Daniel Ruggeri
>> 
>> On 2018-10-09 06:36, Daniel Ruggeri wrote:
>> > Hi, all;
>> >  Barring any major disagreement in the next several hours, I intend to
>> > T&R our next version later today or early tomorrow.
>> >
>> > Hooray for TLS 1.3!
>> > --
>> > Daniel Ruggeri

-- 
Daniel Ruggeri
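
The Test Summary Report quoted in the message above, run through a small parser. This is an added example, not part of the original thread or of the httpd test framework; the function names are hypothetical. It expands the failed-test ranges, groups the damage by test directory, and flags files that report "Failed: 0" but stopped before completing their plan.

```python
import posixpath
import re
from collections import defaultdict

# Per-file lines copied from the Test Summary Report quoted above,
# with the mail quote markers removed.
REPORT = """\
t/modules/http2.t                 (Wstat: 0 Tests: 24 Failed: 0)
  Parse errors: Bad plan.  You planned 52 tests but ran 24.
t/security/CVE-2009-3555.t        (Wstat: 0 Tests: 4 Failed: 2)
  Failed tests:  3-4
t/ssl/basicauth.t                 (Wstat: 0 Tests: 4 Failed: 2)
  Failed tests:  2-3
t/ssl/env.t                       (Wstat: 0 Tests: 30 Failed: 15)
  Failed tests:  16-30
t/ssl/extlookup.t                 (Wstat: 0 Tests: 4 Failed: 4)
  Failed tests:  1-4
t/ssl/fakeauth.t                  (Wstat: 0 Tests: 3 Failed: 2)
  Failed tests:  2-3
t/ssl/ocsp.t                      (Wstat: 0 Tests: 3 Failed: 1)
  Failed test:  3
t/ssl/require.t                   (Wstat: 0 Tests: 10 Failed: 3)
  Failed tests:  2, 5, 9
t/ssl/varlookup.t                 (Wstat: 0 Tests: 83 Failed: 83)
  Failed tests:  1-83
t/ssl/verify.t                    (Wstat: 0 Tests: 3 Failed: 1)
  Failed test:  2
"""

HEADER = re.compile(r"^(\S+\.t)\s+\(Wstat: (\d+) Tests: (\d+) Failed: (\d+)\)$")
FAILED = re.compile(r"^\s+Failed tests?:\s+(.+)$")
BAD_PLAN = re.compile(
    r"^\s+Parse errors: Bad plan\.\s+You planned (\d+) tests but ran (\d+)\.$"
)


def expand(spec):
    """Turn '2, 5, 9' or '16-30' into an explicit list of test numbers."""
    numbers = []
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            low, high = part.split("-", 1)
            numbers.extend(range(int(low), int(high) + 1))
        elif part:
            numbers.append(int(part))
    return numbers


def parse_summary(text):
    """Return {test file: record} for every file listed in the report."""
    results, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        header = HEADER.match(line)
        if header:
            current = {
                "wstat": int(header.group(2)),
                "tests": int(header.group(3)),
                "failed_count": int(header.group(4)),
                "failed": [],
                "not_run": 0,
            }
            results[header.group(1)] = current
            continue
        if current is None:
            continue  # detail line with no file header before it
        failed = FAILED.match(line)
        plan = BAD_PLAN.match(line)
        if failed:
            current["failed"] = expand(failed.group(1))
        elif plan:
            current["not_run"] = int(plan.group(1)) - int(plan.group(2))
    return results


def silent_failures(results):
    """Files that report Failed: 0 yet stopped before finishing their plan."""
    return sorted(
        name for name, rec in results.items()
        if rec["failed_count"] == 0 and rec["not_run"] > 0
    )


def by_directory(results):
    """Failed plus never-run tests, grouped by test directory."""
    totals = defaultdict(int)
    for name, rec in results.items():
        totals[posixpath.dirname(name)] += len(rec["failed"]) + rec["not_run"]
    return dict(totals)


if __name__ == "__main__":
    parsed = parse_summary(REPORT)
    for directory, count in sorted(by_directory(parsed).items()):
        print(f"{directory}: {count} failed or never run")
    print("Failed: 0 but incomplete:", silent_failures(parsed))
```
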

Re: NOTICE: Intent to T&R 2.4.36

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Wed, Oct 10, 2018, 09:04 Stefan Eissing <st...@greenbytes.de>
wrote:

>
> Since each pytest module starts httpd and stops it again, the config files
> can be very local to the tests being done. That makes them quite easy to
> understand and startup times very short.
>

Sadly, that's an enormous regression from the perl-framework. You'll note
that our suite can be started in server mode on a significantly limited
test host environment, and the tests applied from a more comprehensive test
client instance. This proved especially helpful on aix, hpux and other
oddball architectures when they were part of my focus.

>

Re: NOTICE: Intent to T&R 2.4.36

Posted by Stefan Eissing <st...@greenbytes.de>.
Just pushed a fix to github.

> On 11.10.2018 at 13:21, Stefan Eissing <st...@greenbytes.de> wrote:
> 
> That is a change in trunk which has not been ported to our 2.4.x branch. Since the github mod_http2 is intended for people who place the module into their 2.4.x server, I did not add an mpm version check for this - yet.
> 
> 
> 
>> On 11.10.2018 at 13:17, Jim Jagielski <ji...@jaguNET.com> wrote:
>> 
>> BTW, and I'm sure you know this, that this fails w/ trunk:
>> 
>> % make
>> Making all in mod_http2
>> CC       mod_http2_la-h2_alt_svc.lo
>> CC       mod_http2_la-h2_bucket_beam.lo
>> CC       mod_http2_la-h2_bucket_eos.lo
>> CC       mod_http2_la-h2_config.lo
>> CC       mod_http2_la-h2_conn.lo
>> h2_conn.c:311:8: error: no member named 'data_in_input_filters' in 'struct conn_rec'; did you mean 'clogging_input_filters'?
>>   c->data_in_input_filters  = 0;
>>      ^~~~~~~~~~~~~~~~~~~~~
>>      clogging_input_filters
>> /usr/local2/apache2/include/httpd.h:1178:18: note: 'clogging_input_filters' declared here
>>   unsigned int clogging_input_filters:1;
>>                ^
>> h2_conn.c:312:8: error: no member named 'data_in_output_filters' in 'struct conn_rec'
>>   c->data_in_output_filters = 0;
>>   ~  ^
>> 2 errors generated.
> 


Re: NOTICE: Intent to T&R 2.4.36

Posted by Stefan Eissing <st...@greenbytes.de>.
That is a change in trunk which has not been ported to our 2.4.x branch. Since the github mod_http2 is intended for people who place the module into their 2.4.x server, I did not add an mpm version check for this - yet.



> On 11.10.2018 at 13:17, Jim Jagielski <ji...@jaguNET.com> wrote:
> 
> BTW, and I'm sure you know this, that this fails w/ trunk:
> 
> % make
> Making all in mod_http2
>  CC       mod_http2_la-h2_alt_svc.lo
>  CC       mod_http2_la-h2_bucket_beam.lo
>  CC       mod_http2_la-h2_bucket_eos.lo
>  CC       mod_http2_la-h2_config.lo
>  CC       mod_http2_la-h2_conn.lo
> h2_conn.c:311:8: error: no member named 'data_in_input_filters' in 'struct conn_rec'; did you mean 'clogging_input_filters'?
>    c->data_in_input_filters  = 0;
>       ^~~~~~~~~~~~~~~~~~~~~
>       clogging_input_filters
> /usr/local2/apache2/include/httpd.h:1178:18: note: 'clogging_input_filters' declared here
>    unsigned int clogging_input_filters:1;
>                 ^
> h2_conn.c:312:8: error: no member named 'data_in_output_filters' in 'struct conn_rec'
>    c->data_in_output_filters = 0;
>    ~  ^
> 2 errors generated.


Re: NOTICE: Intent to T&R 2.4.36

Posted by Jim Jagielski <ji...@jaguNET.com>.
BTW, and I'm sure you know this, that this fails w/ trunk:

% make
Making all in mod_http2
  CC       mod_http2_la-h2_alt_svc.lo
  CC       mod_http2_la-h2_bucket_beam.lo
  CC       mod_http2_la-h2_bucket_eos.lo
  CC       mod_http2_la-h2_config.lo
  CC       mod_http2_la-h2_conn.lo
h2_conn.c:311:8: error: no member named 'data_in_input_filters' in 'struct conn_rec'; did you mean 'clogging_input_filters'?
    c->data_in_input_filters  = 0;
       ^~~~~~~~~~~~~~~~~~~~~
       clogging_input_filters
/usr/local2/apache2/include/httpd.h:1178:18: note: 'clogging_input_filters' declared here
    unsigned int clogging_input_filters:1;
                 ^
h2_conn.c:312:8: error: no member named 'data_in_output_filters' in 'struct conn_rec'
    c->data_in_output_filters = 0;
    ~  ^
2 errors generated.

Re: NOTICE: Intent to T&R 2.4.36

Posted by Jim Jagielski <ji...@jaguNET.com>.
Gotcha. Thx.

Re: NOTICE: Intent to T&R 2.4.36

Posted by Stefan Eissing <st...@greenbytes.de>.
Sry, forgot that in my mail. It's described in "build from git" in the README.md, my mistake.

> On 11.10.2018 at 12:42, Jim Jagielski <ji...@jaguNET.com> wrote:
> 
> I suggest you add
> 
>   'autoreconf -i'
> 
> as a prelim step.


Re: NOTICE: Intent to T&R 2.4.36

Posted by Jim Jagielski <ji...@jaguNET.com>.
I suggest you add

   'autoreconf -i'

as a prelim step.

Re: NOTICE: Intent to T&R 2.4.36

Posted by Jim Jagielski <ji...@jaguNET.com>.
% autoconf
configure.ac:41: error: possibly undefined macro: AM_INIT_AUTOMAKE
      If this token and others are legitimate, please use m4_pattern_allow.
      See the Autoconf documentation.
% ls
AUTHORS           DISCUSS           Makefile.am       README.md         configure*        mod-h2.xcodeproj/
COPYING           INSTALL           NEWS              autom4te.cache/   configure.ac      mod_http2/
ChangeLog         LICENSE           README            config.log        m4/               test/
% ./configure --with-apxs=/usr/local2/apache2/bin/apxs
./configure: line 2332: syntax error near unexpected token `2.2.6'
./configure: line 2332: `LT_PREREQ(2.2.6)'
% autoconf --version
autoconf (GNU Autoconf) 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+/Autoconf: GNU GPL version 3 or later

Re: NOTICE: Intent to T&R 2.4.36

Posted by Stefan Eissing <st...@greenbytes.de>.

> On 10.10.2018 at 21:30, Jim Jagielski <ji...@jaguNET.com> wrote:
> 
> 
> 
>> On Oct 10, 2018, at 10:04 AM, Stefan Eissing <st...@greenbytes.de> wrote:
>> I have started to convert the existing h2 testsuite in https://svn.apache.org/repos/asf/httpd/test/mod_h2/trunk from shell scripts to pytest in the github repo. I have a pytest suite for mod_md also in its github.
>> 
>> My hope is to, one day, make those part of a httpd test suite, probably just by combining the separate standalone ones. Then we could have 'modules/ABC/test' as optional part of a module with a defined way to trigger them.
>> 
> 
> That would be great because it seems that almost no one is using it, or has been able to get that test suite to work. I know I haven't.

I would love to get feedback to mod-h2 tests from https://github.com/icing/mod_h2.

If you have an apxs and the apache/apr header files, pytest, nghttp2 and curl on your system, checkout and

> autoconf
> ./configure --with-apxs=<path to apxs>
> make
> make test

On my machine, this gives:

> make test
/Applications/Xcode.app/Contents/Developer/usr/bin/make -C test/ test
rsync -a --exclude="*.in" e2e/conf/*.* /Users/sei/projects/mod-h2/test/gen/apache/conf
cd e2e && py.test
=================================================================== test session starts ====================================================================
platform darwin -- Python 2.7.10, pytest-3.0.7, py-1.4.33, pluggy-0.4.0
rootdir: /Users/sei/projects/mod-h2/test/e2e, inifile:
collected 54 items

test_001_httpd_alive.py ..
test_002_curl_basics.py ......
test_003_curl_get.py .........
test_004_curl_post.py ....
test_100_conn_reuse.py .....
test_101_ssl_reneg.py .....
test_102_require.py ..
test_103_upgrade.py .......
test_200_header_invalid.py ...
test_201_header_conditional.py ..
test_202_trailer.py ....
test_300_interim.py ...
test_400_push.py ..

================================================================ 54 passed in 13.25 seconds ================================================================

On my Ubuntu image I get additionally:

===================================================================== warnings summary =====================================================================
test_001_httpd_alive.py::TestStore::()::test_001_02
  /home/sei/.local/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:838: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/security.html
    InsecureRequestWarning)

-- Docs: http://doc.pytest.org/en/latest/warnings.html

as I am not using 'mkcert' as of yet and certs are self-signed.

Re: NOTICE: Intent to T&R 2.4.36

Posted by Jim Jagielski <ji...@jaguNET.com>.

> On Oct 10, 2018, at 10:04 AM, Stefan Eissing <st...@greenbytes.de> wrote:
> I have started to convert the existing h2 testsuite in https://svn.apache.org/repos/asf/httpd/test/mod_h2/trunk from shell scripts to pytest in the github repo. I have a pytest suite for mod_md also in its github.
> 
> My hope is to, one day, make those part of a httpd test suite, probably just by combining the separate standalone ones. Then we could have 'modules/ABC/test' as optional part of a module with a defined way to trigger them.
> 

That would be great because it seems that almost no one is using it, or has been able to get that test suite to work. I know I haven't.


Re: Failing http2.t in 2.4.36 [Was: NOTICE: Intent to T&R 2.4.36]

Posted by Rainer Jung <ra...@kippdata.de>.
Adding another debug snippet at the end ...

On 13.10.2018 at 13:14, Rainer Jung wrote:
> Hi Stefan,
> 
> On 10.10.2018 at 16:04, Stefan Eissing wrote:
>>
>>> On 10.10.2018 at 15:06, Joe Orton <jo...@redhat.com> wrote:
>>>
>>> I believe that t/modules/http2.t is dying in this:
>>>
>>>     my $old_ref = \&{ 'AnyEvent::TLS::_get_session' };
>>>     *{ 'AnyEvent::TLS::_get_session' } = sub($$;$$) {
>>>
>>> piece of magic which I don't understand but possibly needs updating for
>>> TLSv1.3? Session handling is different now... everything is broken.
>>
>> I think there was no official way to add SNI to AnyEvent and I had to 
>> hack this. Unless anyone has another suggestion, I am in favour of 
>> removing the t/modules/http2.t again.
> 
> Note that if I manually send http2 requests using a recent curl, I get 
> failures as well (for 2.4.36).
> 
> The t/modules/http2.t indeed fails for each https test, even the simple 
> first one retrieving / and checking for status 200. One bug seems to me 
> to be in the test script: it fails silently and simply notes that not all 
> tests have run at the end.
> 
> But if I only start the server using "t/TEST -start-httpd" and then run 
> a curl test request against the h2 port 8557, I get failures as well. 
> The server was built with TLS 1.3 support, but the failures occur with 
> a 1.3 client but also with a 1.2 client (different builds of curl). 
> Below, I marked the lines probably indicating the failure with ^^^^^^^^ .
> 
> Here are details:
> 
> curl TLS 1.3 client output
> ==========================
> 
> *   Trying 127.0.0.1...
> * TCP_NODELAY set
> * Connected to localhost (127.0.0.1) port 8557 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> * TLSv1.3 (IN), TLS handshake, Certificate (11):
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> * TLSv1.3 (IN), TLS handshake, Finished (20):
> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
> * TLSv1.3 (OUT), TLS handshake, [no content] (0):
> * TLSv1.3 (OUT), TLS handshake, Finished (20):
> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
> * ALPN, server accepted to use h2
> * Server certificate:
> *  subject: C=US; ST=California; L=San Francisco; O=ASF; 
> OU=httpd-test/rsa-test; CN=localhost; 
> emailAddress=test-dev@httpd.apache.org
> *  start date: Oct 13 08:40:49 2018 GMT
> *  expire date: Oct 13 08:40:49 2019 GMT
> *  issuer: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test; 
> CN=ca; emailAddress=test-dev@httpd.apache.org
> *  SSL certificate verify result: self signed certificate in certificate 
> chain (19), continuing anyway.
> * Using HTTP2, server supports multi-use
> * Connection state changed (HTTP/2 confirmed)
> * Copying HTTP/2 data in stream buffer to connection buffer after 
> upgrade: len=0
> * TLSv1.3 (OUT), TLS app data, [no content] (0):
> * TLSv1.3 (OUT), TLS app data, [no content] (0):
> * TLSv1.3 (OUT), TLS app data, [no content] (0):
> * Using Stream ID: 1 (easy handle 0x26ab080)
> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>  > GET / HTTP/2
>  > Host: localhost:8557
>  > User-Agent: curl/7.61.1
>  > Accept: */*
>  >
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> * Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
> * TLSv1.3 (OUT), TLS app data, [no content] (0):
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> * TLSv1.3 (IN), TLS alert, [no content] (0):
> * TLSv1.3 (IN), TLS alert, close notify (256):
> * Empty reply from server
> ^^^^^^^^^^^^^^^^^^^^^^^^^
> * Connection #0 to host localhost left intact
> curl: (52) Empty reply from server
> 
> curl TLS 1.3 server error log
> =============================
> 
> 12:37:23.974210 [example_hooks:notice] x_create_connection()
> 12:37:23.974598 [ssl:info] AH01964: Connection to child 66 established 
> (server localhost:8557)
> 12:37:23.974726 [ssl:trace2] ssl_engine_rand.c(126): Server: Seeding 
> PRNG with 144 bytes of entropy
> 12:37:23.974787 [ssl:trace6] ssl_engine_io.c(2077): Enabling 
> non-blocking writes
> 12:37:23.974817 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: 
> Handshake: start
> 12:37:23.974860 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> before SSL initialization
> 12:37:23.974886 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
> bytes from BIO#7fe690002b00 [mem: 7fe6900083c3] (BIO dump follows)
> 12:37:23.974917 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
> 512/512 bytes from BIO#7fe690002b00 [mem: 7fe6900083c8] (BIO dump follows)
> 12:37:23.975115 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> before SSL initialization
> 12:37:23.975181 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
> virtual host for servername localhost found
> 12:37:23.975202 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
> virtual host for servername localhost found
> 12:37:23.975208 [core:debug] protocol.c(2314): AH03155: select protocol 
> from h2,http/1.1, choices=h2,http/1.1 for server localhost
> 12:37:23.975219 [core:debug] protocol.c(2359): AH03156: select protocol, 
> proposals=h2,http/1.1 preferences=h2,http/1.1 configured=h2,http/1.1
> 12:37:23.975224 [core:debug] protocol.c(2377): AH03157: selected 
> protocol=h2
> 12:37:23.975272 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS read client hello
> 12:37:23.975567 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write server hello
> 12:37:23.975644 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write change cipher spec
> 12:37:23.975665 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> TLSv1.3 write encrypted extensions
> 12:37:23.977991 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write certificate
> 12:37:23.981471 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> TLSv1.3 write server certificate verify
> 12:37:23.981515 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 2532, non-file bytes: 2532, eor buckets: 0, morphing buckets: 0
> 12:37:23.981527 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
> 2532/2532 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
> 12:37:23.982723 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:37:23.982729 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 2532, non-file bytes: 2532, eor buckets: 0, morphing buckets: 0
> 12:37:23.982734 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.982776 [core:trace8] core_filters.c(569): total bytes written: 
> 2532
> 12:37:23.982783 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.982911 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write finished
> 12:37:23.982924 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> TLSv1.3 early data
> 12:37:23.985161 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
> bytes from BIO#7fe690002b00 [mem: 7fe690012683] (BIO dump follows)
> 12:37:23.985206 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 1/1 
> bytes from BIO#7fe690002b00 [mem: 7fe690012688] (BIO dump follows)
> 12:37:23.985226 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
> bytes from BIO#7fe690002b00 [mem: 7fe690012683] (BIO dump follows)
> 12:37:23.985258 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 69/69 
> bytes from BIO#7fe690002b00 [mem: 7fe690012688] (BIO dump follows)
> 12:37:23.985318 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> TLSv1.3 early data
> 12:37:23.985395 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS read finished
> 12:37:23.985404 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
> Handshake: done
> 12:37:23.985434 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
> Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
> 12:37:23.985444 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: 
> Handshake: start
> 12:37:23.985588 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 287, non-file bytes: 287, eor buckets: 0, morphing buckets: 0
> 12:37:23.985602 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
> 287/287 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
> 12:37:23.985747 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:37:23.985751 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 287, non-file bytes: 287, eor buckets: 0, morphing buckets: 0
> 12:37:23.985756 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.985801 [core:trace8] core_filters.c(569): total bytes written: 
> 2819
> 12:37:23.985810 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.985817 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write session ticket
> 12:37:23.985823 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
> Handshake: done
> 12:37:23.985832 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
> Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
> 12:37:23.985836 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: 
> Handshake: start
> 12:37:23.985946 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 303, non-file bytes: 303, eor buckets: 0, morphing buckets: 0
> 12:37:23.985968 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
> 303/303 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
> 12:37:23.986138 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:37:23.986150 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 303, non-file bytes: 303, eor buckets: 0, morphing buckets: 0
> 12:37:23.986154 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.986172 [core:trace8] core_filters.c(569): total bytes written: 
> 3122
> 12:37:23.986177 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.986183 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write session ticket
> 12:37:23.986202 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
> Handshake: done
> 12:37:23.986215 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
> Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
> 12:37:23.986272 [http2:debug] h2_session.c(924): AH03200: 
> h2_session(66,INIT,0): created, max_streams=100, stream_mem=32768, 
> workers_limit=6, workers_max=37, push_diary(type=1,N=256)
> 12:37:23.986289 [http2:debug] h2_session.c(1017): AH03201: 
> h2_session(66,INIT,0): start, INITIAL_WINDOW_SIZE=65535, 
> MAX_CONCURRENT_STREAMS=100
> 12:37:23.986308 [http2:debug] h2_session.c(2105): AH03079: 
> h2_session(66,INIT,0): started on localhost:8557
> 12:37:23.986314 [http2:debug] h2_session.c(1670): AH03078: 
> h2_session(66,BUSY,0): transit [INIT] -- init --> [BUSY]
> 12:37:23.986343 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
> bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
> 12:37:23.986367 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 41/41 
> bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
> 12:37:23.986441 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
> bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
> 12:37:23.986472 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 44/44 
> bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
> 12:37:23.986530 [http2:debug] h2_session.c(341): AH03066: 
> h2_session(66,BUSY,0): recv FRAME[SETTINGS[length=18, stream=0]], 
> frames=0/0 (r/s)
> 12:37:23.986544 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
> bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
> 12:37:23.986564 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 30/30 
> bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
> 12:37:23.986596 [http2:debug] h2_session.c(341): AH03066: 
> h2_session(66,BUSY,0): recv FRAME[WINDOW_UPDATE[stream=0, 
> incr=1073676289]], frames=1/0 (r/s)
> 12:37:23.986606 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
> bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
> 12:37:23.986630 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 56/56 
> bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
> 12:37:23.986684 [http2:debug] h2_stream.c(552): AH03082: 
> h2_stream(66-1,IDLE): created
> 12:37:23.986837 [http2:debug] h2_session.c(341): AH03066: 
> h2_session(66,BUSY,1): recv FRAME[HEADERS[length=30, hend=1, stream=1, 
> eos=1]], frames=2/0 (r/s)
> 12:37:23.986873 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 
> bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
> 12:37:23.986926 [http2:debug] h2_session.c(589): AH03068: 
> h2_session(66,BUSY,1): sent FRAME[SETTINGS[length=6, stream=0]], 
> frames=3/1 (r/s)
> 12:37:23.986937 [http2:debug] h2_session.c(589): AH03068: 
> h2_session(66,BUSY,1): sent FRAME[SETTINGS[ack=1, stream=0]], frames=3/2 
> (r/s)
> 12:37:23.986944 [http2:debug] h2_session.c(589): AH03068: 
> h2_session(66,BUSY,1): sent FRAME[WINDOW_UPDATE[stream=0, 
> incr=2147418112]], frames=3/3 (r/s)
> 12:37:23.986971 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
> 12:37:23.986980 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 59/59 
> bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
> 12:37:23.987029 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:37:23.987033 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
> 12:37:23.987037 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.987060 [core:trace8] core_filters.c(569): total bytes written: 
> 3181
> 12:37:23.987066 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.987081 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 
> bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
> 12:37:23.987097 [http2:debug] h2_session.c(1760): AH03401: 
> h2_session(66,BUSY,1): conn error -> shutdown
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> 12:37:23.987105 [http2:debug] h2_session.c(589): AH03068: 
> h2_session(66,BUSY,1): sent FRAME[GOAWAY[error=0, reason='', 
> last_stream=1]], frames=3/4 (r/s)
> 12:37:23.987122 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
> 12:37:23.987130 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 39/39 
> bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
> 12:37:23.987172 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:37:23.987176 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
> 12:37:23.987180 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.987195 [core:trace8] core_filters.c(569): total bytes written: 
> 3220
> 12:37:23.987200 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.987205 [http2:debug] h2_session.c(715): AH03069: 
> h2_session(66,BUSY,1): sent GOAWAY, err=0, msg=
> 12:37:23.987212 [http2:debug] h2_session.c(1670): AH03078: 
> h2_session(66,DONE,1): transit [BUSY] -- local goaway --> [DONE]
> 12:37:23.987219 [http2:debug] h2_conn.c(217): (70014)End of file found: 
> AH03045: h2_session(66,DONE,1): process, closing conn
> 12:37:23.987228 [http2:debug] h2_session.c(1670): AH03078: 
> h2_session(66,CLEANUP,1): transit [DONE] -- pre_close --> [CLEANUP]
> 12:37:23.992165 [optional_hook_import:error] AH01866: Optional hook test 
> said: GET / HTTP/2.0
> 12:37:23.992176 [optional_fn_export:error] AH01871: Optional function 
> test said: GET / HTTP/2.0
> 12:37:23.992337 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:37:23.992348 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.992353 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.992357 [core:trace8] core_filters.c(569): total bytes written: 
> 3220
> 12:37:23.992361 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.992387 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 24, non-file bytes: 24, eor buckets: 0, morphing buckets: 0
> 12:37:23.992395 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 24/24 
> bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
> 12:37:23.992426 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:37:23.992430 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 24, non-file bytes: 24, eor buckets: 0, morphing buckets: 0
> 12:37:23.992434 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.992470 [core:trace8] core_filters.c(569): total bytes written: 
> 3244
> 12:37:23.992479 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.992485 [ssl:trace3] ssl_engine_kernel.c(2210): OpenSSL: Write: 
> SSL negotiation finished successfully
> 12:37:23.992491 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:37:23.992495 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.992499 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.992503 [core:trace8] core_filters.c(569): total bytes written: 
> 3244
> 12:37:23.992506 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.992511 [ssl:debug] ssl_engine_io.c(1105): AH02001: Connection 
> closed to child 66 with standard shutdown (server localhost:8557)
> 12:37:23.992616 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 
> 
> curl TLS 1.2 client output
> ==========================
> 
> *   Trying 127.0.0.1...
> * TCP_NODELAY set
> * Connected to localhost (127.0.0.1) port 8557 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> * TLSv1.2 (IN), TLS handshake, Server finished (14):
> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
> * TLSv1.2 (OUT), TLS handshake, Finished (20):
> * TLSv1.2 (IN), TLS handshake, Finished (20):
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
> * ALPN, server accepted to use h2
> * Server certificate:
> *  subject: C=US; ST=California; L=San Francisco; O=ASF; 
> OU=httpd-test/rsa-test; CN=localhost; 
> emailAddress=test-dev@httpd.apache.org
> *  start date: Oct 13 08:40:49 2018 GMT
> *  expire date: Oct 13 08:40:49 2019 GMT
> *  issuer: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test; 
> CN=ca; emailAddress=test-dev@httpd.apache.org
> *  SSL certificate verify result: self signed certificate in certificate 
> chain (19), continuing anyway.
> * Using HTTP2, server supports multi-use
> * Connection state changed (HTTP/2 confirmed)
> * Copying HTTP/2 data in stream buffer to connection buffer after 
> upgrade: len=0
> * Using Stream ID: 1 (easy handle 0x1d5e5e0)
>  > GET / HTTP/2
>  > Host: localhost:8557
>  > User-Agent: curl/7.61.1
>  > Accept: */*
>  >
> * Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
> * TLSv1.2 (IN), TLS alert, close notify (256):
> * Empty reply from server
> ^^^^^^^^^^^^^^^^^^^^^^^^^
> * Connection #0 to host localhost left intact
> curl: (52) Empty reply from server
> 
> 
> curl TLS 1.2 server error log
> =============================
> 
> 12:43:43.580661 [ssl:info] AH01964: Connection to child 83 established 
> (server localhost:8557)
> 12:43:43.580842 [ssl:trace6] ssl_engine_io.c(2077): Enabling 
> non-blocking writes
> 12:43:43.580885 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: 
> Handshake: start
> 12:43:43.580944 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> before SSL initialization
> 12:43:43.580971 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
> bytes from BIO#7fe678002b00 [mem: 7fe6780083c3] (BIO dump follows)
> 12:43:43.581009 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
> 512/512 bytes from BIO#7fe678002b00 [mem: 7fe6780083c8] (BIO dump follows)
> 12:43:43.581181 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> before SSL initialization
> 12:43:43.581289 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
> virtual host for servername localhost found
> 12:43:43.581334 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
> virtual host for servername localhost found
> 12:43:43.581343 [core:debug] protocol.c(2314): AH03155: select protocol 
> from h2,http/1.1, choices=h2,http/1.1 for server localhost
> 12:43:43.581352 [core:debug] protocol.c(2359): AH03156: select protocol, 
> proposals=h2,http/1.1 preferences=h2,http/1.1 configured=h2,http/1.1
> 12:43:43.581366 [core:debug] protocol.c(2377): AH03157: selected 
> protocol=h2
> 12:43:43.581374 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS read client hello
> 12:43:43.581415 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write server hello
> 12:43:43.581877 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write certificate
> 12:43:43.584573 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write key exchange
> 12:43:43.584595 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 2398, non-file bytes: 2398, eor buckets: 0, morphing buckets: 0
> 12:43:43.584605 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
> 2398/2398 bytes to BIO#7fe678002a40 [mem: 7fe678011670] (BIO dump follows)
> 12:43:43.585620 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:43:43.585624 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 2398, non-file bytes: 2398, eor buckets: 0, morphing buckets: 0
> 12:43:43.585634 [core:trace8] core_filters.c(554): flushing now
> 12:43:43.585682 [core:trace8] core_filters.c(569): total bytes written: 
> 2398
> 12:43:43.585690 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.585696 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write server done
> 12:43:43.587042 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
> bytes from BIO#7fe678002b00 [mem: 7fe6780127c3] (BIO dump follows)
> 12:43:43.587078 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 70/70 
> bytes from BIO#7fe678002b00 [mem: 7fe6780127c8] (BIO dump follows)
> 12:43:43.587126 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write server done
> 12:43:43.587435 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
> bytes from BIO#7fe678002b00 [mem: 7fe678012683] (BIO dump follows)
> 12:43:43.587470 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 1/1 
> bytes from BIO#7fe678002b00 [mem: 7fe678012688] (BIO dump follows)
> 12:43:43.587489 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS read client key exchange
> 12:43:43.587541 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
> bytes from BIO#7fe678002b00 [mem: 7fe678012683] (BIO dump follows)
> 12:43:43.587561 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 40/40 
> bytes from BIO#7fe678002b00 [mem: 7fe678012688] (BIO dump follows)
> 12:43:43.587595 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS read change cipher spec
> 12:43:43.587624 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS read finished
> 12:43:43.587648 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write change cipher spec
> 12:43:43.587686 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 51, non-file bytes: 51, eor buckets: 0, morphing buckets: 0
> 12:43:43.587694 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 51/51 
> bytes to BIO#7fe678002a40 [mem: 7fe678011670] (BIO dump follows)
> 12:43:43.587737 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:43:43.587740 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 51, non-file bytes: 51, eor buckets: 0, morphing buckets: 0
> 12:43:43.587744 [core:trace8] core_filters.c(554): flushing now
> 12:43:43.587779 [core:trace8] core_filters.c(569): total bytes written: 
> 2449
> 12:43:43.587787 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.587792 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
> SSLv3/TLS write finished
> 12:43:43.587831 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
> Handshake: done
> 12:43:43.587848 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
> Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> 12:43:43.587888 [http2:debug] h2_session.c(924): AH03200: 
> h2_session(83,INIT,0): created, max_streams=100, stream_mem=32768, 
> workers_limit=6, workers_max=37, push_diary(type=1,N=256)
> 12:43:43.587902 [http2:debug] h2_session.c(1017): AH03201: 
> h2_session(83,INIT,0): start, INITIAL_WINDOW_SIZE=65535, 
> MAX_CONCURRENT_STREAMS=100
> 12:43:43.587912 [http2:debug] h2_session.c(2105): AH03079: 
> h2_session(83,INIT,0): started on localhost:8557
> 12:43:43.587916 [http2:debug] h2_session.c(1670): AH03078: 
> h2_session(83,BUSY,0): transit [INIT] -- init --> [BUSY]
> 12:43:43.587944 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 
> bytes from BIO#7fe678002b00 [mem: 7fe678014563] (BIO dump follows)
> 12:43:43.587972 [http2:debug] h2_session.c(1760): AH03401: 
> h2_session(83,BUSY,0): conn error -> shutdown
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> 12:43:43.587985 [http2:debug] h2_session.c(589): AH03068: 
> h2_session(83,BUSY,0): sent FRAME[SETTINGS[length=6, stream=0]], 
> frames=0/1 (r/s)
> 12:43:43.587992 [http2:debug] h2_session.c(589): AH03068: 
> h2_session(83,BUSY,0): sent FRAME[WINDOW_UPDATE[stream=0, 
> incr=2147418112]], frames=0/2 (r/s)
> 12:43:43.587998 [http2:debug] h2_session.c(589): AH03068: 
> h2_session(83,BUSY,0): sent FRAME[GOAWAY[error=0, reason='', 
> last_stream=0]], frames=0/3 (r/s)
> 12:43:43.588029 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 74, non-file bytes: 74, eor buckets: 0, morphing buckets: 0
> 12:43:43.588044 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 74/74 
> bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
> 12:43:43.588090 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:43:43.588093 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 74, non-file bytes: 74, eor buckets: 0, morphing buckets: 0
> 12:43:43.588097 [core:trace8] core_filters.c(554): flushing now
> 12:43:43.588112 [core:trace8] core_filters.c(569): total bytes written: 
> 2523
> 12:43:43.588117 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.588122 [http2:debug] h2_session.c(715): AH03069: 
> h2_session(83,BUSY,0): sent GOAWAY, err=0, msg=
> 12:43:43.588128 [http2:debug] h2_session.c(1670): AH03078: 
> h2_session(83,DONE,0): transit [BUSY] -- local goaway --> [DONE]
> 12:43:43.588136 [http2:debug] h2_conn.c(217): (70014)End of file found: 
> AH03045: h2_session(83,DONE,0): process, closing conn
> 12:43:43.588147 [http2:debug] h2_session.c(1670): AH03078: 
> h2_session(83,CLEANUP,0): transit [DONE] -- pre_close --> [CLEANUP]
> 12:43:43.588163 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:43:43.588168 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.588171 [core:trace8] core_filters.c(554): flushing now
> 12:43:43.588174 [core:trace8] core_filters.c(569): total bytes written: 
> 2523
> 12:43:43.588177 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.588188 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 31, non-file bytes: 31, eor buckets: 0, morphing buckets: 0
> 12:43:43.588194 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 31/31 
> bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
> 12:43:43.588219 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:43:43.588222 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 31, non-file bytes: 31, eor buckets: 0, morphing buckets: 0
> 12:43:43.588226 [core:trace8] core_filters.c(554): flushing now
> 12:43:43.588239 [core:trace8] core_filters.c(569): total bytes written: 
> 2554
> 12:43:43.588244 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.588249 [ssl:trace3] ssl_engine_kernel.c(2210): OpenSSL: Write: 
> SSL negotiation finished successfully
> 12:43:43.588253 [core:trace6] core_filters.c(525): will flush because of 
> FLUSH bucket
> 12:43:43.588257 [core:trace8] core_filters.c(535): seen in brigade so 
> far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.588260 [core:trace8] core_filters.c(554): flushing now
> 12:43:43.588263 [core:trace8] core_filters.c(569): total bytes written: 
> 2554
> 12:43:43.588269 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.588275 [ssl:debug] ssl_engine_io.c(1105): AH02001: Connection 
> closed to child 83 with standard shutdown (server localhost:8557)
> 12:43:43.588295 [core:trace8] core_filters.c(580): brigade contains: 
> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 
> Could it be that the ssl read directly above the conn error detected is 
> the culprit? It reads 0 bytes. Maybe we are in h2_session.c in this block:
> 
>             case H2_SESSION_ST_BUSY:
>                 if (nghttp2_session_want_read(session->ngh2)) {
>                     ap_update_child_status(session->c->sbh, SERVER_BUSY_READ, NULL);
>                     h2_filter_cin_timeout_set(session->cin, session->s->timeout);
>                     status = h2_session_read(session, 0);
>                     if (status == APR_SUCCESS) {
>                         session->have_read = 1;
>                     }
>                     else if (status == APR_EAGAIN) {
>                         /* nothing to read */
>                     }
>                     else if (APR_STATUS_IS_TIMEUP(status)) {
>                         dispatch_event(session, H2_SESSION_EV_CONN_TIMEOUT, 0, NULL);
>                         break;
>                     }
>                     else {
>                         dispatch_event(session, H2_SESSION_EV_CONN_ERROR, 0, NULL);
>                     }
>                 }
> 
> and maybe h2_session_read() (using session_read()) returns an unexpected 
> result code? Although I must confess, this is speculation and I don't 
> really see where this could happen.

... and verbose output from the nghttp client bundled with the nghttp2 
library (the same one that was used to build curl, version 1.33.0):

Trying next address 127.0.0.1
[  0.001] Connected
The negotiated protocol: h2
[  0.019] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
           (niv=2)
           [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
           [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
[  0.019] send PRIORITY frame <length=5, flags=0x00, stream_id=3>
           (dep_stream_id=0, weight=201, exclusive=0)
[  0.020] send PRIORITY frame <length=5, flags=0x00, stream_id=5>
           (dep_stream_id=0, weight=101, exclusive=0)
[  0.020] send PRIORITY frame <length=5, flags=0x00, stream_id=7>
           (dep_stream_id=0, weight=1, exclusive=0)
[  0.020] send PRIORITY frame <length=5, flags=0x00, stream_id=9>
           (dep_stream_id=7, weight=1, exclusive=0)
[  0.020] send PRIORITY frame <length=5, flags=0x00, stream_id=11>
           (dep_stream_id=3, weight=1, exclusive=0)
[  0.020] send HEADERS frame <length=38, flags=0x25, stream_id=13>
           ; END_STREAM | END_HEADERS | PRIORITY
           (padlen=0, dep_stream_id=11, weight=16, exclusive=0)
           ; Open new stream
           :method: GET
           :path: /
           :scheme: https
           :authority: localhost:8557
           accept: */*
           accept-encoding: gzip, deflate
           user-agent: nghttp2/1.33.0
[  0.020] recv SETTINGS frame <length=6, flags=0x00, stream_id=0>
           (niv=1)
           [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
[  0.020] recv WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
           (window_size_increment=2147418112)
[  0.020] recv GOAWAY frame <length=8, flags=0x00, stream_id=0>
           (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
Some requests were not processed. total=1, processed=0

and on the server:

...
13:17:09.122788 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
Handshake: done
13:17:09.122797 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
13:17:09.122892 [http2:debug] h2_session.c(924): AH03200: 
h2_session(128,INIT,0): created, max_streams=100, stream_mem=32768, 
workers_limit=6, workers_max=37, push_diary(type=1,N=256)
13:17:09.122919 [http2:debug] h2_session.c(1017): AH03201: 
h2_session(128,INIT,0): start, INITIAL_WINDOW_SIZE=65535, 
MAX_CONCURRENT_STREAMS=100
13:17:09.122938 [http2:debug] h2_session.c(2105): AH03079: 
h2_session(128,INIT,0): started on localhost:8557
13:17:09.122945 [http2:debug] h2_session.c(1670): AH03078: 
h2_session(128,BUSY,0): transit [INIT] -- init --> [BUSY]
13:17:09.122987 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
bytes from BIO#7fe688007b20 [mem: 7fe6880200f3] (BIO dump follows)
13:17:09.123010 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
179/179 bytes from BIO#7fe688007b20 [mem: 7fe6880200f8] (BIO dump follows)
13:17:09.123122 [http2:debug] h2_session.c(341): AH03066: 
h2_session(128,BUSY,0): recv FRAME[SETTINGS[length=12, stream=0]], 
frames=0/0 (r/s)
13:17:09.123141 [http2:debug] h2_session.c(341): AH03066: 
h2_session(128,BUSY,0): recv FRAME[PRIORITY[length=5, flags=0, 
stream=3]], frames=1/0 (r/s)
13:17:09.123148 [http2:debug] h2_session.c(341): AH03066: 
h2_session(128,BUSY,0): recv FRAME[PRIORITY[length=5, flags=0, 
stream=5]], frames=2/0 (r/s)
13:17:09.123153 [http2:debug] h2_session.c(341): AH03066: 
h2_session(128,BUSY,0): recv FRAME[PRIORITY[length=5, flags=0, 
stream=7]], frames=3/0 (r/s)
13:17:09.123168 [http2:debug] h2_session.c(341): AH03066: 
h2_session(128,BUSY,0): recv FRAME[PRIORITY[length=5, flags=0, 
stream=9]], frames=4/0 (r/s)
13:17:09.123174 [http2:debug] h2_session.c(341): AH03066: 
h2_session(128,BUSY,0): recv FRAME[PRIORITY[length=5, flags=0, 
stream=11]], frames=5/0 (r/s)
13:17:09.123187 [http2:debug] h2_stream.c(552): AH03082: 
h2_stream(128-13,IDLE): created
13:17:09.123245 [http2:debug] h2_session.c(341): AH03066: 
h2_session(128,BUSY,1): recv FRAME[HEADERS[length=38, hend=1, stream=13, 
eos=1]], frames=6/0 (r/s)
13:17:09.123274 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 
bytes from BIO#7fe688007b20 [mem: 7fe6880200f3] (BIO dump follows)
13:17:09.123405 [http2:debug] h2_session.c(589): AH03068: 
h2_session(128,BUSY,1): sent FRAME[SETTINGS[length=6, stream=0]], 
frames=7/1 (r/s)
13:17:09.123418 [http2:debug] h2_session.c(589): AH03068: 
h2_session(128,BUSY,1): sent FRAME[SETTINGS[ack=1, stream=0]], 
frames=7/2 (r/s)
13:17:09.123423 [http2:debug] h2_session.c(589): AH03068: 
h2_session(128,BUSY,1): sent FRAME[WINDOW_UPDATE[stream=0, 
incr=2147418112]], frames=7/3 (r/s)
13:17:09.123449 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
13:17:09.123462 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 59/59 
bytes to BIO#7fe688004a50 [mem: 7fe6880114b3] (BIO dump follows)
13:17:09.123505 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
13:17:09.123508 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
13:17:09.123512 [core:trace8] core_filters.c(554): flushing now
13:17:09.123532 [core:trace8] core_filters.c(569): total bytes written: 3181
13:17:09.123537 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
13:17:09.123554 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 
bytes from BIO#7fe688007b20 [mem: 7fe6880200f3] (BIO dump follows)
13:17:09.123568 [http2:debug] h2_session.c(1760): AH03401: 
h2_session(128,BUSY,1): conn error -> shutdown
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

13:17:09.123576 [http2:debug] h2_session.c(589): AH03068: 
h2_session(128,BUSY,1): sent FRAME[GOAWAY[error=0, reason='', 
last_stream=13]], frames=7/4 (r/s)
...


Re: h2 broken in 2.4.36 with OpenSSL 1.1.1? Related to SSL_MODE_AUTO_RETRY?

Posted by Rainer Jung <ra...@kippdata.de>.
Hi Stefan, Joe and all,

On 16.10.2018 at 11:15, Joe Orton wrote:
> On Mon, Oct 15, 2018 at 12:55:45PM +0200, Rainer Jung wrote:
>> I'm currently testing the following patch which looks OK wrt. test suite
>> results. Need to run more combinations (OpenSSL version client versus
>> server) though. Server with 1.1.1 and with 1.0.2p both look OK (including
>> the h2 tests). Maybe some cases could be folded together or be dropped, but
> >> I tried to make the logic changes not too big. The SSL_ERROR_ZERO_RETURN part
>> is new, because without that we get an ssl:info log line AH01992 with error
>> 6 (SSL_ERROR_ZERO_RETURN) at the end of the response (at least with 1.1.1).
> 
> Thanks a lot Rainer & Stefan, sorry I didn't follow through on that
> ticket/issue far enough.  Strike it down as another way that 1.1.1
> really is ABI-incompatible with <1.1.1 :(
> 
> The change committed to ssl_engine_io.c makes sense to me. I wonder if
> mod_ssl should also handle SSL_ERROR_WANT_WRITE here as well. It will be
> clearly logged if that happens ("SSL library error 3 reading data") so
> we should find out anyway.

Thanks to you both for double checking.

I tried to keep the behavior change restricted to the observed problem but 
yes, it might be that a more complete approach would cover more cases 
that we are just not aware of right now. It is just that I don't feel 
I am in a position for that more complete approach.

I will propose the current trunk change for 2.4 but any suggestions for 
improvements would be highly welcome. My testing currently at least 
shows no problems with the httpd test suite.

Regards,

Rainer

Re: h2 broken in 2.4.36 with OpenSSL 1.1.1? Related to SSL_MODE_AUTO_RETRY?

Posted by Joe Orton <jo...@redhat.com>.
On Mon, Oct 15, 2018 at 12:55:45PM +0200, Rainer Jung wrote:
> I'm currently testing the following patch which looks OK wrt. test suite
> results. Need to run more combinations (OpenSSL version client versus
> server) though. Server with 1.1.1 and with 1.0.2p both look OK (including
> the h2 tests). Maybe some cases could be folded together or be dropped, but
> I tried to make the logic changes not too big. The SSL_ERROR_ZERO_RETURN part
> is new, because without that we get an ssl:info log line AH01992 with error
> 6 (SSL_ERROR_ZERO_RETURN) at the end of the response (at least with 1.1.1).

Thanks a lot Rainer & Stefan, sorry I didn't follow through on that 
ticket/issue far enough.  Strike it down as another way that 1.1.1 
really is ABI-incompatible with <1.1.1 :(

The change committed to ssl_engine_io.c makes sense to me. I wonder if 
mod_ssl should also handle SSL_ERROR_WANT_WRITE here as well. It will be 
clearly logged if that happens ("SSL library error 3 reading data") so 
we should find out anyway.

Regards, Joe


Re: h2 broken in 2.4.36 with OpenSSL 1.1.1? Related to SSL_MODE_AUTO_RETRY?

Posted by Stefan Eissing <st...@greenbytes.de>.
> On 15.10.2018 at 23:16, Rainer Jung <ra...@kippdata.de> wrote:
> 
> Adjusted SSL_read() rc value 0 handling applied in r1843954 to trunk. I'll let it sit there until tomorrow for comments and then suggest for backport.

Thanks, Rainer! 

The h2 test suite runs as smoothly as it did before on my machine with OpenSSL 1.1.1 in trunk. I am all for backporting and testing of 2.4.x on this.

-Stefan


> 
> On 15.10.2018 at 12:55, Rainer Jung wrote:
>> On 15.10.2018 at 10:02, Stefan Eissing wrote:
>>> 
>>> 
>>>> On 14.10.2018 at 00:46, Rainer Jung <ra...@kippdata.de> wrote:
>>>> 
>>>> It seems the h2 failure only happens when building httpd against OpenSSL 1.1.1 (independent of TLS version used). I did a quick check with an httpd build against 1.1.0i and there the same vhost of the test framework instance worked with the same clients, that failed for 1.1.1.
>>>> 
>>>> The client side OpenSSL version seems not to matter.
>>>> 
>>>> When using 1.1.1 in the server even browsers seem to fail with h2.
>>>> 
>>>> Anyone who can successfully use h2 with 2.4.36 built against OpenSSL 1.1.1?
>>> 
>>> Me, and I got reports from others.
>>> 
>>>> When comparing trace logs between the 1.1.1 server and the 1.1.0i server, one can see, that a failing OpenSSL read (0 bytes) results in APR_EOF (70014) for 1.1.1 but in errno 11 (EAGAIN) for 1.1.0i. I wonder whether this is due to the new SSL_MODE_AUTO_RETRY and maybe the following change:
>>>> 
>>>> +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
>>>> +    /* For OpenSSL >=1.1.1, disable auto-retry mode so it's possible
>>>> +     * to consume handshake records without blocking for app-data.
>>>> +     * https://github.com/openssl/openssl/issues/7178 */
>>>> +    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
>>>> +#endif
>>> 
>>> Hmm, just read the ticket made by Joe regarding this change.
>>> 
>>> I try to summarize my understanding:
>>> 
>>> - this has nothing to do with HTTP/2 in particular. It's only triggered by the h2 calling sequence.
>>> - SSL_read() only returns transport data, but sometimes reads (part of) TLS meta data, such as handshake messages.
>>> - When it reads this meta data (and has processed it), it can either do another read directly after or return with
>>>    its equivalent of EAGAIN. By default, it does the first.
>>> - The change in handshake handling between TLSv1.2 and TLSv1.3 led, in Joe's testing, to the case where SSL_read()'s
>>>    internal re-read() on the socket blocked, as the client was not sending anything.
>>> - So, after discussion on the openssl issue tracker, Joe changed the OpenSSL behaviour of this by inserting the code above.
>>> - Now, when SSL_read() is called, processes some meta data, it will not read() on the socket again, but return a read of length 0.
>>> - mod_ssl interprets this as EOF:
>>> ssl_engine_io.c, lines 673..
>>> 
>>>          else if (rc == 0) {
>>>              /* If EAGAIN, we will loop given a blocking read,
>>>               * otherwise consider ourselves at EOF.
>>>               */
>>> 
>>> and returns APR_EOF to h2 which then shuts the connection down.
>>> 
>>> To my understanding, mod_ssl's ssl_engine_io.c, ssl_io_input_read() has the special case handling that:
>>> - if it gets a SSL_ERROR_WANT_READ from SSL_read(), it remembers that, calls again
>>> - if SSL_read() == 0, non-blocking, it
>>>    a) on having seen SSL_ERROR_WANT_READ before, return APR_EAGAIN
>>>    b) otherwise, return APR_EOF
>>> 
>>> OpenSSL's documentation of SSL_read() now states:
>>> 
>>>> Old documentation indicated a difference between 0 and -1, and that -1 was retry-able.
>>>> You should instead call SSL_get_error() to find out if it's retry-able.
>>> 
>>> So, we should change our logic here. Anyone having the courage to do so? ;-)
>> Thanks for the further investigations.
>> I'm currently testing the following patch which looks OK wrt. test suite results. Need to run more combinations (OpenSSL version client versus server) though. Server with 1.1.1 and with 1.0.2p both look OK (including the h2 tests). Maybe some cases could be folded together or be dropped, but I tried to make the logic changes not too big. The SSL_ERROR_ZERO_RETURN part is new, because without that we get an ssl:info log line AH01992 with error 6 (SSL_ERROR_ZERO_RETURN) at the end of the response (at least with 1.1.1).
>> --- modules/ssl/ssl_engine_io.c.orig    2018-08-15 17:01:08.000000000 +0200
>> +++ modules/ssl/ssl_engine_io.c 2018-10-15 11:46:01.258042000 +0200
>> @@ -680,35 +680,32 @@
>>              }
>>              return inctx->rc;
>>          }
>> -        else if (rc == 0) {
>> -            /* If EAGAIN, we will loop given a blocking read,
>> -             * otherwise consider ourselves at EOF.
>> -             */
>> -            if (APR_STATUS_IS_EAGAIN(inctx->rc)
>> -                    || APR_STATUS_IS_EINTR(inctx->rc)) {
>> -                /* Already read something, return APR_SUCCESS instead.
>> -                 * On win32 in particular, but perhaps on other kernels,
>> -                 * a blocking call isn't 'always' blocking.
>> +        else /* (rc <= 0) */ {
>> +            if (rc == 0) {
>> +                /* If EAGAIN, we will loop given a blocking read,
>> +                 * otherwise consider ourselves at EOF.
>>                   */
>> -                if (*len > 0) {
>> -                    inctx->rc = APR_SUCCESS;
>> -                    break;
>> -                }
>> -                if (inctx->block == APR_NONBLOCK_READ) {
>> -                    break;
>> -                }
>> -            }
>> -            else {
>> -                if (*len > 0) {
>> -                    inctx->rc = APR_SUCCESS;
>> +                if (APR_STATUS_IS_EAGAIN(inctx->rc)
>> +                        || APR_STATUS_IS_EINTR(inctx->rc)) {
>> +                    /* Already read something, return APR_SUCCESS instead.
>> +                     * On win32 in particular, but perhaps on other kernels,
>> +                     * a blocking call isn't 'always' blocking.
>> +                     */
>> +                    if (*len > 0) {
>> +                        inctx->rc = APR_SUCCESS;
>> +                        break;
>> +                    }
>> +                    if (inctx->block == APR_NONBLOCK_READ) {
>> +                        break;
>> +                    }
>>                  }
>>                  else {
>> -                    inctx->rc = APR_EOF;
>> +                    if (*len > 0) {
>> +                        inctx->rc = APR_SUCCESS;
>> +                        break;
>> +                    }
>>                  }
>> -                break;
>>              }
>> -        }
>> -        else /* (rc < 0) */ {
>>              int ssl_err = SSL_get_error(inctx->filter_ctx->pssl, rc);
>>              conn_rec *c = (conn_rec*)SSL_get_app_data(inctx->filter_ctx->pssl);
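
Review bot: In the new "if (rc == 0)" block the retained comment still says "otherwise consider ourselves at EOF", but this block no longer sets APR_EOF; the removed "inctx->rc = APR_EOF;" is not replaced here, so EOF is now decided only after SSL_get_error(). The comment should say that rc == 0 falls through to the SSL_get_error() classification. A blocking read with EAGAIN/EINTR and *len == 0 used to skip the error branch and loop; it now reaches SSL_get_error() with rc == 0, and whether it still loops depends on ssl_err branches outside this hunk, so that path deserves an explicit comment or test.
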
>> @@ -754,6 +751,10 @@
>>                                    "SSL input filter read failed.");
>>                  }
>>              }
>> +            else if (rc == 0 && ssl_err == SSL_ERROR_ZERO_RETURN) {
>> +                inctx->rc = APR_EOF;
>> +                break;
>> +            }
>>              else /* if (ssl_err == SSL_ERROR_SSL) */ {
>>                  /*
>>                   * Log SSL errors and any unexpected conditions.
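
Review bot: The added "else if (rc == 0 && ssl_err == SSL_ERROR_ZERO_RETURN)" branch carries no comment explaining why it exists. The reason given in the mail (avoiding the ssl:info AH01992 line with error 6 at the end of a response) belongs next to the code. It is also worth stating why the test includes rc == 0: with a negative rc the same ssl_err drops into the logging else-branch that follows.
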
>> @@ -763,6 +764,10 @@
>>                  ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, mySrvFromConn(c));
>>              }
>> +            if (rc == 0) {
>> +                inctx->rc = APR_EOF;
>> +                break;
>> +            }
>>              if (inctx->rc == APR_SUCCESS) {
>>                  inctx->rc = APR_EGENERAL;
>>              }
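
Review bot: The added "if (rc == 0)" after the error chain turns every remaining rc == 0 case into APR_EOF, including cases just logged by ssl_log_ssl_error() as an error or unexpected condition, while rc < 0 still ends up as APR_EGENERAL. The caller then cannot tell a failed read from a clean close. Consider limiting APR_EOF to the ssl_err values that mean the connection was closed, or add a comment explaining why a logged error with rc == 0 is reported as EOF.
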
>> Regards,
>> Rainer
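
The failure analysed in this thread can be replayed as a small model. The C program below is an added example, not mod_ssl code and not the committed change: it feeds a constructed sequence of SSL_read() outcomes through the rc-based logic summarised above and through a classifier driven by SSL_get_error(). The type and function names, the trace, and the treatment of SSL_ERROR_WANT_WRITE as retry-able are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* SSL_get_error() codes with the values OpenSSL's <openssl/ssl.h> gives
 * them, redefined here so the model builds without libssl. */
enum { E_NONE = 0, E_SSL = 1, E_WANT_READ = 2, E_WANT_WRITE = 3,
       E_SYSCALL = 5, E_ZERO_RETURN = 6 };

/* Stand-ins for the APR status codes named in the thread. */
typedef enum { ST_SUCCESS, ST_EAGAIN, ST_EOF, ST_EGENERAL } status_t;

/* One scripted SSL_read() outcome: its return value and the code that
 * SSL_get_error() would report for it. */
struct read_event { int rc; int ssl_err; };

struct outcome { status_t status; size_t bytes; size_t calls; };

typedef status_t (*classify_fn)(int rc, int ssl_err, status_t prev);

/* Model of the logic summarised in the thread: rc == 0 means EOF unless
 * a retry condition was already recorded. */
static status_t classify_by_rc(int rc, int ssl_err, status_t prev)
{
    if (rc > 0)
        return ST_SUCCESS;
    if (rc == 0)
        return prev == ST_EAGAIN ? ST_EAGAIN : ST_EOF;
    return ssl_err == E_WANT_READ ? ST_EAGAIN : ST_EGENERAL;
}

/* Classification driven by SSL_get_error(), as the quoted OpenSSL
 * documentation asks: rc <= 0 alone says nothing about retry-ability. */
static status_t classify_by_error(int rc, int ssl_err, status_t prev)
{
    (void)prev;
    if (rc > 0)
        return ST_SUCCESS;
    switch (ssl_err) {
    case E_WANT_READ:
    case E_WANT_WRITE:      /* assumption: treated as retry-able too */
        return ST_EAGAIN;
    case E_ZERO_RETURN:     /* peer sent close_notify: clean EOF */
        return ST_EOF;
    default:                /* E_SSL, E_SYSCALL, anything unexpected */
        return ST_EGENERAL;
    }
}

/* Feed a scripted sequence of SSL_read() outcomes to a non-blocking
 * consumer that polls again on EAGAIN and stops on EOF or error. */
static struct outcome drain(const struct read_event *ev, size_t n,
                            classify_fn classify)
{
    struct outcome out = { ST_SUCCESS, 0, 0 };
    size_t i;

    for (i = 0; i < n; i++) {
        out.status = classify(ev[i].rc, ev[i].ssl_err, out.status);
        out.calls++;
        if (out.status == ST_SUCCESS)
            out.bytes += (size_t)ev[i].rc;
        else if (out.status != ST_EAGAIN)
            break;
    }
    return out;
}

/* Constructed trace: a TLS record without application data is consumed,
 * then the 24-byte HTTP/2 client preface arrives, then the peer closes. */
static const struct read_event H2_TRACE[] = {
    { 0,  E_WANT_READ },
    { 24, E_NONE },
    { 0,  E_ZERO_RETURN },
};
#define H2_TRACE_LEN (sizeof(H2_TRACE) / sizeof(H2_TRACE[0]))

int main(void)
{
    struct outcome a = drain(H2_TRACE, H2_TRACE_LEN, classify_by_rc);
    struct outcome b = drain(H2_TRACE, H2_TRACE_LEN, classify_by_error);

    printf("by rc:    status=%d bytes=%zu calls=%zu\n",
           (int)a.status, a.bytes, a.calls);
    printf("by error: status=%d bytes=%zu calls=%zu\n",
           (int)b.status, b.bytes, b.calls);
    return 0;
}
```

With the rc-based logic the consumer stops at the first call with zero bytes delivered; with SSL_get_error() it polls again, delivers the 24 bytes, and only then reports EOF.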


Re: h2 broken in 2.4.36 with OpenSSL 1.1.1? Related to SSL_MODE_AUTO_RETRY?

Posted by Rainer Jung <ra...@kippdata.de>.
Adjusted SSL_read() rc value 0 handling applied in r1843954 to trunk. 
I'll let it sit there until tomorrow for comments and then suggest for 
backport.

On 15.10.2018 at 12:55, Rainer Jung wrote:
> On 15.10.2018 at 10:02, Stefan Eissing wrote:
>>
>>
>>> On 14.10.2018 at 00:46, Rainer Jung <ra...@kippdata.de> wrote:
>>>
>>> It seems the h2 failure only happens when building httpd against 
>>> OpenSSL 1.1.1 (independent of TLS version used). I did a quick check 
>>> with an httpd build against 1.1.0i and there the same vhost of the 
>>> test framework instance worked with the same clients, that failed for 
>>> 1.1.1.
>>>
>>> The client side OpenSSL version seems not to matter.
>>>
>>> When using 1.1.1 in the server even browsers seem to fail with h2.
>>>
>>> Anyone who can successfully use h2 with 2.4.36 built against OpenSSL 
>>> 1.1.1?
>>
>> Me, and I got reports from others.
>>
>>> When comparing trace logs between the 1.1.1 server and the 1.1.0i 
>>> server, one can see, that a failing OpenSSL read (0 bytes) results in 
>>> APR_EOF (70014) for 1.1.1 but in errno 11 (EAGAIN) for 1.1.0i. I 
>>> wonder whether this is due to the new SSL_MODE_AUTO_RETRY and maybe 
>>> the following change:
>>>
>>> +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
>>> +    /* For OpenSSL >=1.1.1, disable auto-retry mode so it's possible
>>> +     * to consume handshake records without blocking for app-data.
>>> +     * https://github.com/openssl/openssl/issues/7178 */
>>> +    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
>>> +#endif
>>
>> Hmm, just read the ticket made by Joe regarding this change.
>>
>> I try to summarize my understanding:
>>
>> - this has nothing to do with HTTP/2 in particular. It's only 
>> triggered by the h2 calling sequence.
>> - SSL_read() only returns transport data, but sometimes reads (part 
>> of) TLS meta data, such as handshake messages.
>> - When it reads this meta data (and has processed it), it can either 
>> do another read directly after or return with
>>    its equivalent of EAGAIN. By default, it does the first.
>> - The change in handshake handling between TLSv1.2 and TLSv1.3 led, in 
>> Joe's testing, to the case where SSL_read()'s
>>    internal re-read() on the socket blocked, as the client was not 
>> sending anything.
>> - So, after discussion on the openssl issue tracker, Joe changed the 
>> OpenSSL behaviour of this by inserting the code above.
>> - Now, when SSL_read() is called, processes some meta data, it will 
>> not read() on the socket again, but return a read of length 0.
>> - mod_ssl interprets this as EOF:
>> ssl_engine_io.c, lines 673..
>>
>>          else if (rc == 0) {
>>              /* If EAGAIN, we will loop given a blocking read,
>>               * otherwise consider ourselves at EOF.
>>               */
>>
>> and returns APR_EOF to h2 which then shuts the connection down.
>>
>> To my understanding, mod_ssl's ssl_engine_io.c, ssl_io_input_read() 
>> has the special case handling that:
>> - if it gets a SSL_ERROR_WANT_READ from SSL_read(), it remembers that, 
>> calls again
>> - if SSL_read() == 0, non-blocking, it
>>    a) on having seen SSL_ERROR_WANT_READ before, return APR_EAGAIN
>>    b) otherwise, return APR_EOF
>>
>> OpenSSL's documentation of SSL_read() now states:
>>
>>> Old documentation indicated a difference between 0 and -1, and that 
>>> -1 was retry-able.
>>> You should instead call SSL_get_error() to find out if it's retry-able.
>>
>> So, we should change our logic here. Anyone having the courage to do 
>> so? ;-)
> 
> Thanks for the further investigations.
> 
> I'm currently testing the following patch which looks OK wrt. test suite 
> results. Need to run more combinations (OpenSSL version client versus 
> server) though. Server with 1.1.1 and with 1.0.2p both look OK 
> (including the h2 tests). Maybe some cases could be folded together or 
> be dropped, but I tried to make the logic changes not too big. The 
> SSL_ERROR_ZERO_RETURN part is new, because without that we get an 
> ssl:info log line AH01992 with error 6 (SSL_ERROR_ZERO_RETURN) at the 
> end of the response (at least with 1.1.1).
> 
> --- modules/ssl/ssl_engine_io.c.orig    2018-08-15 17:01:08.000000000 +0200
> +++ modules/ssl/ssl_engine_io.c 2018-10-15 11:46:01.258042000 +0200
> @@ -680,35 +680,32 @@
>               }
>               return inctx->rc;
>           }
> -        else if (rc == 0) {
> -            /* If EAGAIN, we will loop given a blocking read,
> -             * otherwise consider ourselves at EOF.
> -             */
> -            if (APR_STATUS_IS_EAGAIN(inctx->rc)
> -                    || APR_STATUS_IS_EINTR(inctx->rc)) {
> -                /* Already read something, return APR_SUCCESS instead.
> -                 * On win32 in particular, but perhaps on other kernels,
> -                 * a blocking call isn't 'always' blocking.
> +        else /* (rc <= 0) */ {
> +            if (rc == 0) {
> +                /* If EAGAIN, we will loop given a blocking read,
> +                 * otherwise consider ourselves at EOF.
>                    */
> -                if (*len > 0) {
> -                    inctx->rc = APR_SUCCESS;
> -                    break;
> -                }
> -                if (inctx->block == APR_NONBLOCK_READ) {
> -                    break;
> -                }
> -            }
> -            else {
> -                if (*len > 0) {
> -                    inctx->rc = APR_SUCCESS;
> +                if (APR_STATUS_IS_EAGAIN(inctx->rc)
> +                        || APR_STATUS_IS_EINTR(inctx->rc)) {
> +                    /* Already read something, return APR_SUCCESS instead.
> +                     * On win32 in particular, but perhaps on other 
> kernels,
> +                     * a blocking call isn't 'always' blocking.
> +                     */
> +                    if (*len > 0) {
> +                        inctx->rc = APR_SUCCESS;
> +                        break;
> +                    }
> +                    if (inctx->block == APR_NONBLOCK_READ) {
> +                        break;
> +                    }
>                   }
>                   else {
> -                    inctx->rc = APR_EOF;
> +                    if (*len > 0) {
> +                        inctx->rc = APR_SUCCESS;
> +                        break;
> +                    }
>                   }
> -                break;
>               }
> -        }
> -        else /* (rc < 0) */ {
>               int ssl_err = SSL_get_error(inctx->filter_ctx->pssl, rc);
>               conn_rec *c = 
> (conn_rec*)SSL_get_app_data(inctx->filter_ctx->pssl);
> 
> @@ -754,6 +751,10 @@
>                                     "SSL input filter read failed.");
>                   }
>               }
> +            else if (rc == 0 && ssl_err == SSL_ERROR_ZERO_RETURN) {
> +                inctx->rc = APR_EOF;
> +                break;
> +            }
>               else /* if (ssl_err == SSL_ERROR_SSL) */ {
>                   /*
>                    * Log SSL errors and any unexpected conditions.
> @@ -763,6 +764,10 @@
>                   ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, 
> mySrvFromConn(c));
> 
>               }
> +            if (rc == 0) {
> +                inctx->rc = APR_EOF;
> +                break;
> +            }
>               if (inctx->rc == APR_SUCCESS) {
>                   inctx->rc = APR_EGENERAL;
>               }
> 
> Regards,
> 
> Rainer

Re: h2 broken in 2.4.36 with OpenSSL 1.1.1? Related to SSL_MODE_AUTO_RETRY?

Posted by Rainer Jung <ra...@kippdata.de>.
On 15.10.2018 at 10:02, Stefan Eissing wrote:
> 
> 
>> On 14.10.2018 at 00:46, Rainer Jung <ra...@kippdata.de> wrote:
>>
>> It seems the h2 failure only happens when building httpd against OpenSSL 1.1.1 (independent of TLS version used). I did a quick check with an httpd build against 1.1.0i and there the same vhost of the test framework instance worked with the same clients, that failed for 1.1.1.
>>
>> The client side OpenSSL version seems not to matter.
>>
>> When using 1.1.1 in the server even browsers seem to fail with h2.
>>
>> Anyone who can successfully use h2 with 2.4.36 built against OpenSSL 1.1.1?
> 
> Me, and I got reports from others.
> 
>> When comparing trace logs between the 1.1.1 server and the 1.1.0i server, one can see, that a failing OpenSSL read (0 bytes) results in APR_EOF (70014) for 1.1.1 but in errno 11 (EAGAIN) for 1.1.0i. I wonder whether this is due to the new SSL_MODE_AUTO_RETRY and maybe the following change:
>>
>> +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
>> +    /* For OpenSSL >=1.1.1, disable auto-retry mode so it's possible
>> +     * to consume handshake records without blocking for app-data.
>> +     * https://github.com/openssl/openssl/issues/7178 */
>> +    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
>> +#endif
> 
> Hmm, just read the ticket made by Joe regarding this change.
> 
> I try to summarize my understanding:
> 
> - this has nothing to do with HTTP/2 in particular. It's only triggered by the h2 calling sequence.
> - SSL_read() only returns transport data, but sometimes reads (part of) TLS meta data, such as handshake messages.
> - When it reads this meta data (and has processed it), it can either do another read directly after or return with
>    its equivalent of EAGAIN. By default, it does the first.
> - The change in handshake handling between TLSv1.2 and TLSv1.3 led, in Joe's testing, to the case where SSL_read()'s
>    internal re-read() on the socket blocked, as the client was not sending anything.
> - So, after discussion on the openssl issue tracker, Joe changed the OpenSSL behaviour of this by inserting the code above.
> - Now, when SSL_read() is called, processes some meta data, it will not read() on the socket again, but return a read of length 0.
> - mod_ssl interprets this as EOF:
> ssl_engine_io.c, lines 673..
> 
>          else if (rc == 0) {
>              /* If EAGAIN, we will loop given a blocking read,
>               * otherwise consider ourselves at EOF.
>               */
> 
> and returns APR_EOF to h2 which then shuts the connection down.
> 
> To my understanding, mod_ssl's ssl_engine_io.c, ssl_io_input_read() has the special case handling that:
> - if it gets a SSL_ERROR_WANT_READ from SSL_read(), it remembers that, calls again
> - if SSL_read() == 0, non-blocking, it
>    a) on having seen SSL_ERROR_WANT_READ before, return APR_EAGAIN
>    b) otherwise, return APR_EOF
> 
> OpenSSL's documentation of SSL_read() now states:
> 
>> Old documentation indicated a difference between 0 and -1, and that -1 was retry-able.
>> You should instead call SSL_get_error() to find out if it's retry-able.
> 
> So, we should change our logic here. Anyone having the courage to do so? ;-)

Thanks for the further investigations.

I'm currently testing the following patch which looks OK wrt. test suite 
results. Need to run more combinations (OpenSSL version client versus 
server) though. Server with 1.1.1 and with 1.0.2p both look OK 
(including the h2 tests). Maybe some cases could be folded together or 
be dropped, but I tried to make the logic changes not too big. The 
SSL_ERROR_ZERO_RETURN part is new, because without that we get an 
ssl:info log line AH01992 with error 6 (SSL_ERROR_ZERO_RETURN) at the 
end of the response (at least with 1.1.1).

--- modules/ssl/ssl_engine_io.c.orig    2018-08-15 17:01:08.000000000 +0200
+++ modules/ssl/ssl_engine_io.c 2018-10-15 11:46:01.258042000 +0200
@@ -680,35 +680,32 @@
              }
              return inctx->rc;
          }
-        else if (rc == 0) {
-            /* If EAGAIN, we will loop given a blocking read,
-             * otherwise consider ourselves at EOF.
-             */
-            if (APR_STATUS_IS_EAGAIN(inctx->rc)
-                    || APR_STATUS_IS_EINTR(inctx->rc)) {
-                /* Already read something, return APR_SUCCESS instead.
-                 * On win32 in particular, but perhaps on other kernels,
-                 * a blocking call isn't 'always' blocking.
+        else /* (rc <= 0) */ {
+            if (rc == 0) {
+                /* If EAGAIN, we will loop given a blocking read,
+                 * otherwise consider ourselves at EOF.
                   */
-                if (*len > 0) {
-                    inctx->rc = APR_SUCCESS;
-                    break;
-                }
-                if (inctx->block == APR_NONBLOCK_READ) {
-                    break;
-                }
-            }
-            else {
-                if (*len > 0) {
-                    inctx->rc = APR_SUCCESS;
+                if (APR_STATUS_IS_EAGAIN(inctx->rc)
+                        || APR_STATUS_IS_EINTR(inctx->rc)) {
+                    /* Already read something, return APR_SUCCESS instead.
+                     * On win32 in particular, but perhaps on other 
kernels,
+                     * a blocking call isn't 'always' blocking.
+                     */
+                    if (*len > 0) {
+                        inctx->rc = APR_SUCCESS;
+                        break;
+                    }
+                    if (inctx->block == APR_NONBLOCK_READ) {
+                        break;
+                    }
                  }
                  else {
-                    inctx->rc = APR_EOF;
+                    if (*len > 0) {
+                        inctx->rc = APR_SUCCESS;
+                        break;
+                    }
                  }
-                break;
              }
-        }
-        else /* (rc < 0) */ {
              int ssl_err = SSL_get_error(inctx->filter_ctx->pssl, rc);
              conn_rec *c = 
(conn_rec*)SSL_get_app_data(inctx->filter_ctx->pssl);

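Review bot: the comment kept at the top of the new `if (rc == 0)` block still reads "otherwise consider ourselves at EOF", but the inner `else` no longer sets APR_EOF. With `inctx->rc = APR_EOF` and the trailing `break` removed, a zero return with `*len == 0` now falls through to SSL_get_error() and EOF is only decided in the later hunks, so the comment should say that. Separately, the mailer has wrapped the `kernels,` comment line and the `(conn_rec*)SSL_get_app_data(...)` line, so the patch will not apply as posted; sending it as an attachment would avoid that.
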
@@ -754,6 +751,10 @@
                                    "SSL input filter read failed.");
                  }
              }
+            else if (rc == 0 && ssl_err == SSL_ERROR_ZERO_RETURN) {
+                inctx->rc = APR_EOF;
+                break;
+            }
              else /* if (ssl_err == SSL_ERROR_SSL) */ {
                  /*
                   * Log SSL errors and any unexpected conditions.
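
Review bot: the `rc == 0 &&` guard in the new `else if` means an SSL_ERROR_ZERO_RETURN that arrives with a negative rc still drops into the logging `else` below instead of being reported as APR_EOF. The SSL_read() documentation quoted in this thread says to rely on SSL_get_error() rather than on 0 versus -1, so testing `ssl_err == SSL_ERROR_ZERO_RETURN` alone looks safer. A one-line comment that this branch exists to skip the AH01992 info log on a clean close would also help, since the next hunk assigns the same APR_EOF.
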
@@ -763,6 +764,10 @@
                  ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, 
mySrvFromConn(c));

              }
+            if (rc == 0) {
+                inctx->rc = APR_EOF;
+                break;
+            }
              if (inctx->rc == APR_SUCCESS) {
                  inctx->rc = APR_EGENERAL;
              }
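
Review bot: the added `if (rc == 0)` sits after the whole ssl_err chain and never looks at ssl_err, so every zero return that reaches it becomes APR_EOF and overwrites whatever inctx->rc an earlier branch stored. A zero return mapped to APR_EOF is what this thread identified as the cause of the h2 shutdown, so please state in a comment which ssl_err values can still arrive here with rc == 0 (in particular, confirm that SSL_ERROR_WANT_READ has already left the loop by this point), or key the check on ssl_err instead.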

Regards,

Rainer
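
The SSL_read() return handling discussed above, modelled as an added example (not code from mod_ssl, OpenSSL or any poster in this thread): it compares a decision keyed on rc == 0 with one keyed on the SSL_get_error() result, for a non-blocking read. The EX_* names, both classify functions and the sample table are assumptions made for the illustration; the numeric error values mirror OpenSSL's SSL_ERROR_* constants, and the cases are constructed from the thread's description, not captured from a server.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins so this builds without OpenSSL or APR headers.
 * The numbers mirror OpenSSL's SSL_ERROR_* values. */
enum {
    EX_ERR_NONE        = 0,  /* SSL_ERROR_NONE */
    EX_ERR_SSL         = 1,  /* SSL_ERROR_SSL */
    EX_ERR_WANT_READ   = 2,  /* SSL_ERROR_WANT_READ */
    EX_ERR_WANT_WRITE  = 3,  /* SSL_ERROR_WANT_WRITE */
    EX_ERR_SYSCALL     = 5,  /* SSL_ERROR_SYSCALL */
    EX_ERR_ZERO_RETURN = 6   /* SSL_ERROR_ZERO_RETURN */
};

/* Outcome handed to the caller; stands in for the APR_* codes in the thread. */
enum ex_status { EX_SUCCESS, EX_EAGAIN, EX_EOF, EX_EGENERAL };

struct ex_read {
    int rc;                /* value returned by the read call */
    int ssl_err;           /* SSL_get_error() result for that call */
    enum ex_status prior;  /* status the transport recorded during the call */
    size_t have;           /* bytes already collected in this pass */
    const char *what;      /* description of the constructed case */
};

/* Decision keyed on rc: zero means EOF unless EAGAIN was recorded before,
 * and the error code is consulted only for negative returns. */
static enum ex_status classify_by_rc(const struct ex_read *r)
{
    if (r->rc > 0 || (r->rc == 0 && r->have > 0))
        return EX_SUCCESS;
    if (r->rc == 0)
        return r->prior == EX_EAGAIN ? EX_EAGAIN : EX_EOF;
    if (r->ssl_err == EX_ERR_WANT_READ || r->ssl_err == EX_ERR_WANT_WRITE)
        return EX_EAGAIN;
    return EX_EGENERAL;
}

/* Decision keyed on the error code: 0 and -1 are treated alike and only
 * the SSL_get_error() result says whether the call is retry-able. */
static enum ex_status classify_by_error(const struct ex_read *r)
{
    if (r->rc > 0 || r->have > 0)
        return EX_SUCCESS;            /* deliver data before reporting anything */
    switch (r->ssl_err) {
    case EX_ERR_WANT_READ:
    case EX_ERR_WANT_WRITE:
        return EX_EAGAIN;             /* retry once the socket is ready */
    case EX_ERR_ZERO_RETURN:
        return EX_EOF;                /* peer closed the TLS session cleanly */
    case EX_ERR_SYSCALL:
        /* transport-level result: keep a retry status it recorded */
        return r->prior == EX_EAGAIN ? EX_EAGAIN : EX_EGENERAL;
    default:
        return EX_EGENERAL;           /* protocol failure or unexpected code */
    }
}

/* Constructed cases (not taken from a real trace). */
static const struct ex_read EX_CASES[] = {
    {  0, EX_ERR_WANT_READ,   EX_SUCCESS, 0, "handshake record consumed, no app data" },
    {  0, EX_ERR_ZERO_RETURN, EX_SUCCESS, 0, "close_notify, reported with 0" },
    { -1, EX_ERR_ZERO_RETURN, EX_SUCCESS, 0, "close_notify, reported with -1" },
    { -1, EX_ERR_WANT_READ,   EX_EAGAIN,  0, "socket had nothing to read" },
    {  0, EX_ERR_SYSCALL,     EX_EAGAIN,  0, "transport recorded EAGAIN" },
    { -1, EX_ERR_SSL,         EX_SUCCESS, 0, "protocol error" },
    { 24, EX_ERR_NONE,        EX_SUCCESS, 0, "24 bytes of application data" },
};
#define EX_NCASES (sizeof(EX_CASES) / sizeof(EX_CASES[0]))

/* Number of constructed cases on which the two decisions disagree. */
static size_t count_disagreements(void)
{
    size_t i, n = 0;
    for (i = 0; i < EX_NCASES; i++)
        if (classify_by_rc(&EX_CASES[i]) != classify_by_error(&EX_CASES[i]))
            n++;
    return n;
}

static const char *ex_name(enum ex_status s)
{
    static const char *const names[] = { "SUCCESS", "EAGAIN", "EOF", "EGENERAL" };
    return names[s];
}

int main(void)
{
    size_t i;
    for (i = 0; i < EX_NCASES; i++)
        printf("rc=%2d err=%d  by-rc=%-8s  by-error=%-8s  %s\n",
               EX_CASES[i].rc, EX_CASES[i].ssl_err,
               ex_name(classify_by_rc(&EX_CASES[i])),
               ex_name(classify_by_error(&EX_CASES[i])),
               EX_CASES[i].what);
    printf("%zu of %zu cases differ\n", count_disagreements(), EX_NCASES);
    return 0;
}
```

The two rows that differ are the zero return carrying a retry-able error, which the rc-keyed decision reports as EOF, and the clean close reported with a negative return, which it reports as a general error.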

Re: h2 broken in 2.4.36 with OpenSSL 1.1.1? Related to SSL_MODE_AUTO_RETRY?

Posted by Stefan Eissing <st...@greenbytes.de>.

> On 14.10.2018 at 00:46, Rainer Jung <ra...@kippdata.de> wrote:
> 
> It seems the h2 failure only happens when building httpd against OpenSSL 1.1.1 (independent of TLS version used). I did a quick check with an httpd build against 1.1.0i and there the same vhost of the test framework instance worked with the same clients, that failed for 1.1.1.
> 
> The client side OpenSSL version seems not to matter.
> 
> When using 1.1.1 in the server even browsers seem to fail with h2.
> 
> Anyone who can successfully use h2 with 2.4.36 built against OpenSSL 1.1.1?

Me, and I got reports from others.

> When comparing trace logs between the 1.1.1 server and the 1.1.0i server, one can see, that a failing OpenSSL read (0 bytes) results in APR_EOF (70014) for 1.1.1 but in errno 11 (EAGAIN) for 1.1.0i. I wonder whether this is due to the new SSL_MODE_AUTO_RETRY and maybe the following change:
> 
> +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
> +    /* For OpenSSL >=1.1.1, disable auto-retry mode so it's possible
> +     * to consume handshake records without blocking for app-data.
> +     * https://github.com/openssl/openssl/issues/7178 */
> +    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
> +#endif

Hmm, just read the ticket made by Joe regarding this change.

I try to summarize my understanding:

- this has nothing to do with HTTP/2 in particular. It's only triggered by the h2 calling sequence.
- SSL_read() only returns transport data, but sometimes reads (part of) TLS meta data, such as handshake messages.
- When it reads this meta data (and has processed it), it can either do another read directly after or return with
  its equivalent of EAGAIN. By default, it does the first.
- The change in handshake handling between TLSv1.2 and TLSv1.3 led, in Joe's testing, to the case where SSL_read()'s
  internal re-read() on the socket blocked, as the client was not sending anything.
- So, after discussion on the openssl issue tracker, Joe changed the OpenSSL behaviour of this by inserting the code above.
- Now, when SSL_read() is called, processes some meta data, it will not read() on the socket again, but return a read of length 0.
- mod_ssl interprets this as EOF:
ssl_engine_io.c, lines 673..

        else if (rc == 0) {
            /* If EAGAIN, we will loop given a blocking read,
             * otherwise consider ourselves at EOF.
             */

and returns APR_EOF to h2 which then shuts the connection down.

To my understanding, mod_ssl's ssl_engine_io.c, ssl_io_input_read() has the special case handling that:
- if it gets a SSL_ERROR_WANT_READ from SSL_read(), it remembers that, calls again
- if SSL_read() == 0, non-blocking, it
  a) on having seen SSL_ERROR_WANT_READ before, return APR_EAGAIN
  b) otherwise, return APR_EOF

OpenSSL's documentation of SSL_read() now states:

> Old documentation indicated a difference between 0 and -1, and that -1 was retry-able. 
> You should instead call SSL_get_error() to find out if it's retry-able.

So, we should change our logic here. Anyone having the courage to do so? ;-)

-Stefan

> 
> The logs:
> 
> < OpenSSL 1.1.1
> > OpenSSL 1.1.0i
> 
> < 23:35:16.021201  h2_session.c(1704): AH03078: h2_session(81,BUSY,0): transit [INIT] -- init --> [BUSY]
> > 23:39:55.715439  h2_session.c(1670): AH03078: h2_session(66,BUSY,0): transit [INIT] -- init --> [BUSY]
> 
> Some additional early stuff for 1.1.0i
> 
> > 23:39:55.715448 h2_filter.c(145): h2_session(66): read, NONBLOCK_READ, mode=0, readbytes=65536
> > 23:39:55.715470 ssl_engine_io.c(2222): OpenSSL: I/O error, 5 bytes expected to read on BIO#7efee0005280 [mem: 7efee0014ee3]
> > 23:39:55.715480 h2_filter.c(190): (11)Resource temporarily unavailable: h2_session(66): read
> > 23:39:55.715508 h2_mplx.c(1240): h2_mplx(66): dispatch events
> > 23:39:55.715536 h2_session.c(589): AH03068: h2_session(66,BUSY,0): sent FRAME[SETTINGS[length=6, stream=0]], frames=0/1 (r/s)
> > 23:39:55.715548 h2_session.c(589): AH03068: h2_session(66,BUSY,0): sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=0/2 (r/s)
> > 23:39:55.715565 h2_conn_io.c(122): h2_session(66)-out: heap[28] flush
> > 23:39:55.715590 core_filters.c(580): brigade contains: bytes: 57, non-file bytes: 57, eor buckets: 0, morphing buckets: 0
> > 23:39:55.715598 ssl_engine_io.c(2213): OpenSSL: write 57/57 bytes to BIO#7efee00021b0 [mem: 7efee0014ee3]
> > 23:39:55.715648 core_filters.c(525): will flush because of FLUSH bucket
> > 23:39:55.715653 core_filters.c(535): seen in brigade so far: bytes: 57, non-file bytes: 57, eor buckets: 0, morphing buckets: 0
> > 23:39:55.715657 core_filters.c(554): flushing now
> > 23:39:55.715683 core_filters.c(569): total bytes written: 2466
> > 23:39:55.715690 core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 
> Then many things identical
> 
> < 23:35:16.021217 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ, mode=0, readbytes=65536
> > 23:39:55.715697 h2_filter.c(145): h2_session(66): read, NONBLOCK_READ, mode=0, readbytes=65536
> < 23:35:16.021252 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7f1d04002b10 [mem: 7f1d040145a3]
> < 23:35:16.021277 ssl_engine_io.c(2213): OpenSSL: read 41/41 bytes from BIO#7f1d04002b10 [mem: 7f1d040145a8]
> < 23:35:16.021318 h2_filter.c(93): bb_dump(81): RAW_in(TRANSIENT[24])
> < 23:35:16.021340 h2_filter.c(64): h2_session(81,BUSY,0): fed 24 bytes to nghttp2, 24 read
> > 23:39:55.715713 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7efee0005280 [mem: 7efee0014ee3]
> > 23:39:55.715734 ssl_engine_io.c(2213): OpenSSL: read 48/48 bytes from BIO#7efee0005280 [mem: 7efee0014ee8]
> > 23:39:55.715774 h2_filter.c(93): bb_dump(66): RAW_in(TRANSIENT[24])
> > 23:39:55.715786 h2_filter.c(64): h2_session(66,BUSY,0): fed 24 bytes to nghttp2, 24 read
> < 23:35:16.021355 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ, mode=0, readbytes=65536
> < 23:35:16.021364 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7f1d04002b10 [mem: 7f1d040145a3]
> < 23:35:16.021384 ssl_engine_io.c(2213): OpenSSL: read 44/44 bytes from BIO#7f1d04002b10 [mem: 7f1d040145a8]
> < 23:35:16.021428 h2_filter.c(93): bb_dump(81): RAW_in(TRANSIENT[27])
> < 23:35:16.021442 h2_session.c(341): AH03066: h2_session(81,BUSY,0): recv FRAME[SETTINGS[length=18, stream=0]], frames=0/0 (r/s)
> < 23:35:16.021447 h2_session.c(414): h2_session(81,BUSY,0): SETTINGS, len=18
> > 23:39:55.715792 h2_filter.c(145): h2_session(66): read, NONBLOCK_READ, mode=0, readbytes=65536
> > 23:39:55.715804 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7efee0005280 [mem: 7efee0014ee3]
> > 23:39:55.715825 ssl_engine_io.c(2213): OpenSSL: read 51/51 bytes from BIO#7efee0005280 [mem: 7efee0014ee8]
> > 23:39:55.715897 h2_filter.c(93): bb_dump(66): RAW_in(TRANSIENT[27])
> > 23:39:55.715926 h2_session.c(341): AH03066: h2_session(66,BUSY,0): recv FRAME[SETTINGS[length=18, stream=0]], frames=0/2 (r/s)
> > 23:39:55.715934 h2_session.c(414): h2_session(66,BUSY,0): SETTINGS, len=18
> < 23:35:16.021451 h2_filter.c(64): h2_session(81,BUSY,0): fed 27 bytes to nghttp2, 27 read
> < 23:35:16.021464 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ, mode=0, readbytes=65536
> < 23:35:16.021471 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7f1d04002b10 [mem: 7f1d040145a3]
> < 23:35:16.021491 ssl_engine_io.c(2213): OpenSSL: read 30/30 bytes from BIO#7f1d04002b10 [mem: 7f1d040145a8]
> < 23:35:16.021535 h2_filter.c(93): bb_dump(81): RAW_in(TRANSIENT[13])
> < 23:35:16.021542 h2_session.c(341): AH03066: h2_session(81,BUSY,0): recv FRAME[WINDOW_UPDATE[stream=0, incr=1073676289]], frames=1/0 (r/s)
> > 23:39:55.715939 h2_filter.c(64): h2_session(66,BUSY,0): fed 27 bytes to nghttp2, 27 read
> > 23:39:55.715943 h2_filter.c(145): h2_session(66): read, NONBLOCK_READ, mode=0, readbytes=65536
> > 23:39:55.715953 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7efee0005280 [mem: 7efee0014ee3]
> > 23:39:55.715973 ssl_engine_io.c(2213): OpenSSL: read 37/37 bytes from BIO#7efee0005280 [mem: 7efee0014ee8]
> > 23:39:55.716015 h2_filter.c(93): bb_dump(66): RAW_in(TRANSIENT[13])
> > 23:39:55.716024 h2_session.c(341): AH03066: h2_session(66,BUSY,0): recv FRAME[WINDOW_UPDATE[stream=0, incr=1073676289]], frames=1/2 (r/s)
> < 23:35:16.021547 h2_session.c(381): h2_stream(81-0): WINDOW_UPDATE incr=1073676289
> < 23:35:16.021552 h2_filter.c(64): h2_session(81,BUSY,0): fed 13 bytes to nghttp2, 13 read
> < 23:35:16.021563 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ, mode=0, readbytes=65536
> < 23:35:16.021571 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7f1d04002b10 [mem: 7f1d040145a3]
> < 23:35:16.021591 ssl_engine_io.c(2213): OpenSSL: read 56/56 bytes from BIO#7f1d04002b10 [mem: 7f1d040145a8]
> < 23:35:16.021632 h2_filter.c(93): bb_dump(81): RAW_in(TRANSIENT[39])
> > 23:39:55.716029 h2_session.c(381): h2_stream(66-0): WINDOW_UPDATE incr=1073676289
> > 23:39:55.716034 h2_filter.c(64): h2_session(66,BUSY,0): fed 13 bytes to nghttp2, 13 read
> > 23:39:55.716039 h2_filter.c(145): h2_session(66): read, NONBLOCK_READ, mode=0, readbytes=65536
> > 23:39:55.716045 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7efee0005280 [mem: 7efee0014ee3]
> > 23:39:55.716065 ssl_engine_io.c(2213): OpenSSL: read 63/63 bytes from BIO#7efee0005280 [mem: 7efee0014ee8]
> > 23:39:55.716114 h2_filter.c(93): bb_dump(66): RAW_in(TRANSIENT[39])
> < 23:35:16.021652 h2_stream.c(552): AH03082: h2_stream(81-1,IDLE): created
> < 23:35:16.021665 h2_session.c(1960): h2_stream(81-1,IDLE): entered state
> < 23:35:16.021699 h2_session.c(341): AH03066: h2_session(81,BUSY,1): recv FRAME[HEADERS[length=30, hend=1, stream=1, eos=1]], frames=2/0 (r/s)
> < 23:35:16.021709 h2_stream.c(302): h2_stream(81-1,IDLE): transit to [OPEN]
> > 23:39:55.716138 h2_stream.c(552): AH03082: h2_stream(66-1,IDLE): created
> > 23:39:55.716146 h2_session.c(1926): h2_stream(66-1,IDLE): entered state
> > 23:39:55.716185 h2_session.c(341): AH03066: h2_session(66,BUSY,1): recv FRAME[HEADERS[length=30, hend=1, stream=1, eos=1]], frames=2/2 (r/s)
> > 23:39:55.716197 h2_stream.c(302): h2_stream(66-1,IDLE): transit to [OPEN]
> < 23:35:16.021714 h2_session.c(1960): h2_stream(81-1,OPEN): entered state
> < 23:35:16.021732 h2_stream.c(302): h2_stream(81-1,OPEN): transit to [HALF_CLOSED_REMOTE]
> < 23:35:16.021736 h2_stream.c(211): h2_stream(81-1,HALF_CLOSED_REMOTE): closing input
> < 23:35:16.021740 h2_session.c(1960): h2_stream(81-1,HALF_CLOSED_REMOTE): entered state
> > 23:39:55.716201 h2_session.c(1926): h2_stream(66-1,OPEN): entered state
> > 23:39:55.716206 h2_stream.c(302): h2_stream(66-1,OPEN): transit to [HALF_CLOSED_REMOTE]
> > 23:39:55.716210 h2_stream.c(211): h2_stream(66-1,HALF_CLOSED_REMOTE): closing input
> > 23:39:55.716214 h2_session.c(1926): h2_stream(66-1,HALF_CLOSED_REMOTE): entered state
> < 23:35:16.021744 h2_filter.c(64): h2_session(81,BUSY,1): fed 39 bytes to nghttp2, 39 read
> < 23:35:16.021757 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ, mode=0, readbytes=65536
> > 23:39:55.716219 h2_filter.c(64): h2_session(66,BUSY,1): fed 39 bytes to nghttp2, 39 read
> > 23:39:55.716224 h2_filter.c(145): h2_session(66): read, NONBLOCK_READ, mode=0, readbytes=65536
> 
> Again some additional stuff for 1.1.0i
> 
> > 23:39:55.716254 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7efee0005280 [mem: 7efee0014ee3]
> > 23:39:55.716277 ssl_engine_io.c(2213): OpenSSL: read 33/33 bytes from BIO#7efee0005280 [mem: 7efee0014ee8]
> > 23:39:55.716320 h2_filter.c(93): bb_dump(66): RAW_in(TRANSIENT[9])
> > 23:39:55.716328 h2_session.c(341): AH03066: h2_session(66,BUSY,1): recv FRAME[SETTINGS[ack=1, stream=0]], frames=3/2 (r/s)
> > 23:39:55.716333 h2_session.c(414): h2_session(66,BUSY,1): SETTINGS, len=0
> > 23:39:55.716337 h2_filter.c(64): h2_session(66,BUSY,1): fed 9 bytes to nghttp2, 9 read
> > 23:39:55.716341 h2_filter.c(145): h2_session(66): read, NONBLOCK_READ, mode=0, readbytes=65536
> 
> And now differences, 1.1.1 gets 0 bytes but 70014 (APR_EOF), 1.1.0i 0 bytes but 11 (EAGAIN?)
> 
> < 23:35:16.021774 ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7f1d04002b10 [mem: 7f1d040165b3]
> < 23:35:16.021790 h2_filter.c(190): (70014)End of file found: h2_session(81): read
> < 23:35:16.021809 h2_stream.c(594): h2_stream(81-1,HALF_CLOSED_REMOTE): schedule GET https://localhost:8557/ chunked=0
> < 23:35:16.021841 h2_mplx.c(703): h2_stream(81-1,HALF_CLOSED_REMOTE): process, added to q
> < 23:35:16.021872 h2_mplx.c(1240): h2_mplx(81): dispatch events
> > 23:39:55.716352 ssl_engine_io.c(2222): OpenSSL: I/O error, 5 bytes expected to read on BIO#7efee0005280 [mem: 7efee0014ee3]
> > 23:39:55.716359 h2_filter.c(190): (11)Resource temporarily unavailable: h2_session(66): read
> > 23:39:55.716368 h2_stream.c(594): h2_stream(66-1,HALF_CLOSED_REMOTE): schedule GET https://localhost:8557/ chunked=0
> > 23:39:55.716400 h2_mplx.c(703): h2_stream(66-1,HALF_CLOSED_REMOTE): process, added to q
> > 23:39:55.716408 h2_mplx.c(1240): h2_mplx(66): dispatch events
> 
> < 23:35:16.021879 SLAVE h2_conn.c(271): h2_stream(81-1): create slave
> 
> < 23:35:16.021895 h2_session.c(589): AH03068: h2_session(81,BUSY,1): sent FRAME[SETTINGS[length=6, stream=0]], frames=3/1 (r/s)
> < 23:35:16.021905 h2_session.c(589): AH03068: h2_session(81,BUSY,1): sent FRAME[SETTINGS[ack=1, stream=0]], frames=3/2 (r/s)
> < 23:35:16.021911 h2_session.c(589): AH03068: h2_session(81,BUSY,1): sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=3/3 (r/s)
> 
> > 23:39:55.716416 h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[SETTINGS[ack=1, stream=0]], frames=4/3 (r/s)
> 
> < 23:35:16.022541 h2_conn_io.c(122): h2_session(81)-out: heap[37] flush
> < 23:35:16.022573 core_filters.c(580): brigade contains: bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
> < 23:35:16.022591 ssl_engine_io.c(2213): OpenSSL: write 59/59 bytes to BIO#7f1d04002a50 [mem: 7f1d0400c443]
> < 23:35:16.022613 SLAVE h2_conn.c(336): h2_stream(81-1): created slave
> < 23:35:16.022635 core_filters.c(525): will flush because of FLUSH bucket
> > 23:39:55.716425 h2_conn_io.c(122): h2_session(66)-out: heap[9] flush
> > 23:39:55.716437 core_filters.c(580): brigade contains: bytes: 38, non-file bytes: 38, eor buckets: 0, morphing buckets: 0
> > 23:39:55.716444 ssl_engine_io.c(2213): OpenSSL: write 38/38 bytes to BIO#7efee00021b0 [mem: 7efee0014ee3]
> > 23:39:55.716443 SLAVE h2_conn.c(271): h2_stream(66-1): create slave
> > 23:39:55.716481 core_filters.c(525): will flush because of FLUSH bucket
> 
> < 23:35:16.022636 SLAVE h2_task.c(507): h2_h2, pre_connection, found stream task
> 
> < 23:35:16.022639 core_filters.c(535): seen in brigade so far: bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
> > 23:39:55.716485 core_filters.c(535): seen in brigade so far: bytes: 38, non-file bytes: 38, eor buckets: 0, morphing buckets: 0
> 
> > 23:39:55.716490 SLAVE h2_conn.c(336): h2_stream(66-1): created slave
> 
> < 23:35:16.022643 core_filters.c(554): flushing now
> > 23:39:55.716497 core_filters.c(554): flushing now
> 
> < 23:35:16.022656 SLAVE h2_task.c(632): h2_task(81-1): process connection
> < 23:35:16.022662 SLAVE h2_task.c(731): h2_h2, processing request directly
> 
> > 23:39:55.716512 SLAVE h2_task.c(507): h2_h2, pre_connection, found stream task
> 
> < 23:35:16.022664 core_filters.c(569): total bytes written: 3181
> > 23:39:55.716525 core_filters.c(569): total bytes written: 2504
> 
> < 23:35:16.022666 SLAVE h2_task.c(658): h2_task(81-1): create request_rec
> 
> < 23:35:16.022670 core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> > 23:39:55.716532 core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 
> > 23:39:55.716537 SLAVE h2_task.c(632): h2_task(66-1): process connection
> 
> < 23:35:16.022689 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ, mode=0, readbytes=65536
> > 23:39:55.716539 h2_filter.c(145): h2_session(66): read, NONBLOCK_READ, mode=0, readbytes=65536
> 
> > 23:39:55.716543 SLAVE h2_task.c(731): h2_h2, processing request directly
> > 23:39:55.716548 SLAVE h2_task.c(658): h2_task(66-1): create request_rec
> 
> Again 70014 versus 11 when no bytes could be read:
> 
> < 23:35:16.022702 ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7f1d04002b10 [mem: 7f1d040165b3]
> < 23:35:16.022718 h2_filter.c(190): (70014)End of file found: h2_session(81): read
> > 23:39:55.716551 ssl_engine_io.c(2222): OpenSSL: I/O error, 5 bytes expected to read on BIO#7efee0005280 [mem: 7efee0014ee3]
> > 23:39:55.716559 h2_filter.c(190): (11)Resource temporarily unavailable: h2_session(66): read
> 
> < 23:35:16.022692 [example_hooks:notice] SLAVE x_create_request()
> > 23:39:55.716571 [example_hooks:notice] SLAVE x_create_request()
> 
> And here resulting in GOAWAY versus WAIT:
> 
> < 23:35:16.022730 h2_session.c(1605): (70014)End of file found: h2_session(81,BUSY,1): input gone
> < 23:35:16.022745  h2_session.c(1794): AH03401: h2_session(81,BUSY,1): conn error -> shutdown
> < 23:35:16.022753  h2_session.c(589): AH03068: h2_session(81,BUSY,1): sent FRAME[GOAWAY[error=0, reason='', last_stream=1]], frames=3/4 (r/s)
> < 23:35:16.022762 h2_conn_io.c(122): h2_session(81)-out: heap[17] flush
> < 23:35:16.022775 core_filters.c(580): brigade contains: bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
> < 23:35:16.022783 ssl_engine_io.c(2213): OpenSSL: write 39/39 bytes to BIO#7f1d04002a50 [mem: 7f1d0400c443]
> 
> > 23:39:55.716567 h2_mplx.c(1240): h2_mplx(66): dispatch events
> > 23:39:55.716572 h2_session.c(1796): h2_session(66,BUSY,1): NO_IO event, 1 streams open
> > 23:39:55.716579 h2_session.c(1670): AH03078: h2_session(66,WAIT,1): transit [BUSY] -- no io --> [WAIT]
> > 23:39:55.716584 h2_session.c(2283): h2_session: wait for data, 10 micros
> 
> SLAVES looking OK
> 
> < 23:35:16.022736 SLAVE h2_h2.c(722): h2_task(81-1): adding request filters
> > 23:39:55.716598 SLAVE h2_h2.c(722): h2_task(66-1): adding request filters
> 
> < 23:35:16.022782 SLAVE ssl_engine_kernel.c(383): AH02034: Subsequent (No.2) HTTPS request received for child 347892350977 (server localhost:8557)
> < 23:35:16.022799 SLAVE h2_task.c(676): h2_task(81-1): start process_request
> < 23:35:16.022811 [http:trace4] SLAVE http_request.c(437): Headers received from client:
> < 23:35:16.022817 [http:trace4] SLAVE http_request.c(441):   User-Agent: curl/7.61.1
> < 23:35:16.022822 [http:trace4] SLAVE http_request.c(441):   Accept: */*
> > 23:39:55.716635 SLAVE ssl_engine_kernel.c(383): AH02034: Subsequent (No.2) HTTPS request received for child 283467841537 (server localhost:8557)
> > 23:39:55.716646 SLAVE h2_task.c(676): h2_task(66-1): start process_request
> > 23:39:55.716652 [http:trace4] SLAVE http_request.c(437): Headers received from client:
> > 23:39:55.716658 [http:trace4] SLAVE http_request.c(441): User-Agent: curl/7.61.1
> > 23:39:55.716661 [http:trace4] SLAVE http_request.c(441):   Accept: */*
> > 23:39:55.716665 [http:trace4] SLAVE http_request.c(441):   Host: localhost:8557
> 
> But then failure (empty result) for 1.1.1 due to GOAWAY
> 
> < 23:35:16.022824 core_filters.c(525): will flush because of FLUSH bucket
> < 23:35:16.022825 [http:trace4] SLAVE http_request.c(441):   Host: localhost:8557
> < 23:35:16.022828 core_filters.c(535): seen in brigade so far: bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
> < 23:35:16.022833 core_filters.c(554): flushing now
> < 23:35:16.022874 core_filters.c(569): total bytes written: 3220
> < 23:35:16.022882 core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> < 23:35:16.022887  h2_session.c(715): AH03069: h2_session(81,BUSY,1): sent GOAWAY, err=0, msg=
> < 23:35:16.022895  h2_session.c(1704): AH03078: h2_session(81,DONE,1): transit [BUSY] -- local goaway --> [DONE]
> < 23:35:16.022900 h2_mplx.c(1240): h2_mplx(81): dispatch events
> < 23:35:16.022905 h2_session.c(2364): h2_session(81,DONE,1): process returns
> < 23:35:16.022909  h2_conn.c(217): (70014)End of file found: AH03045: h2_session(81,DONE,1): process, closing conn
> < 23:35:16.022916 h2_session.c(2382): h2_session(81,DONE,1): pre_close
> < 23:35:16.022920 h2_session.c(725): h2_session(81,DONE,1): pool_cleanup
> < 23:35:16.022924  h2_session.c(1704): AH03078: h2_session(81,CLEANUP,1): transit [DONE] -- pre_close --> [CLEANUP]
> < 23:35:16.022929 h2_stream.c(612): h2_stream(81-1,HALF_CLOSED_REMOTE): reset, error=0
> < 23:35:16.022941 h2_stream.c(344): h2_stream(81-1,HALF_CLOSED_REMOTE): dispatch event 2
> < 23:35:16.022945 h2_stream.c(302): h2_stream(81-1,HALF_CLOSED_REMOTE): transit to [CLOSED]
> < 23:35:16.022949 h2_stream.c(211): h2_stream(81-1,CLOSED): closing input
> < 23:35:16.022953 h2_stream.c(344): h2_stream(81-1,CLOSED): dispatch event 3
> < 23:35:16.022957 h2_stream.c(302): h2_stream(81-1,CLOSED): transit to [CLEANUP]
> < 23:35:16.022963 h2_ngn_shed.c(144): AH03394: h2_ngn_shed(81): abort
> 
> Whereas 1.1.0i proceeds processing and sends the result back
> ...
> 
> 
> Regards,
> 
> Rainer
> 
> On 13.10.2018 at 23:07, Rainer Jung wrote:
>> Hi Stefan,
>> it is the "input gone" (APR_EOF) case which went unnoticed by me. Although I patch the test suite to run with trace8 log level, http2 was set to debug in the test suite config and the "input gone" message is a trace message. See below for more details. The question is still whether this should have been handled non-fatally. Currently curl fails to do h2 with httpd 2.4.36 as set up by the test suite.
>> On 13.10.2018 at 18:53, Stefan Eissing wrote:
>>> Hi Rainer,
>>> 
>>> according to the log, the h2 code must be in the H2_SESSION_ST_BUSY state and the only cause I see is the same as you, namely an unexpected status from h2_session_read(), which should come via
>>> 
>>>          status = ap_get_brigade(c->input_filters,
>>>                                  session->bbtmp, AP_MODE_READBYTES,
>>>                                  block? APR_BLOCK_READ : APR_NONBLOCK_READ,
>>>                                  H2MAX(APR_BUCKET_BUFF_SIZE, readlen));
>>> 
>>> block is 0 here and readlen should be (unless reconfigured via H2StreamMaxMemSize) 32kb.
>>> 
>>> Maybe you could just add a log line there to see what ap_get_brigade() returned there?
>>> 
>>> Strange.
>> I hope most of the added http2:debug log lines with logno AH9999* are self-explanatory:
>> ...
>> 22:25:25.934782 [core:trace8] core_filters.c(554): [client 127.0.0.1:36318] flushing now
>> 22:25:25.934810 [core:trace8] core_filters.c(569): [client 127.0.0.1:36318] total bytes written: 3197
>> 22:25:25.934816 [core:trace8] core_filters.c(580): [client 127.0.0.1:36318] brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 22:25:25.934823 [http2:debug] h2_session.c(1552): [client 127.0.0.1:36318] AH99997: h2_session(75,BUSY,1): Into session_read non-blocking readlen 65536 read_start 103
>> 22:25:25.934828 [http2:trace1] h2_filter.c(145): [client 127.0.0.1:36318] h2_session(75): read, NONBLOCK_READ, mode=0, readbytes=65536
>> 22:25:25.934878 [ssl:trace4] ssl_engine_io.c(2213): [client 127.0.0.1:36318] OpenSSL: read 0/5 bytes from BIO#7ff098002b10 [mem: 7ff0980164d3] (BIO dump follows)
>> 22:25:25.934894 [ssl:trace7] ssl_engine_io.c(2136): [client 127.0.0.1:36318] +-------------------------------------------------------------------------+
>> 22:25:25.934898 [ssl:trace7] ssl_engine_io.c(2180): [client 127.0.0.1:36318] +-------------------------------------------------------------------------+
>> 22:25:25.934903 [http2:trace1] h2_filter.c(190): (70014)End of file found: [client 127.0.0.1:36318] h2_session(75): read
>> 22:25:25.934908 [http2:debug] h2_session.c(1563): (70014)End of file found: [client 127.0.0.1:36318] AH99990: h2_session(75,BUSY,1): session_read non-blocking readlen 65536 ap_get_brigade returned status 70014
>> 22:25:25.934913 [http2:debug] h2_session.c(1603): (70014)End of file found: [client 127.0.0.1:36318] AH99998: h2_session(75,BUSY,1): input gone
>> 22:25:25.934917 [http2:trace1] h2_session.c(1605): (70014)End of file found: [client 127.0.0.1:36318] h2_session(75,BUSY,1): input gone
>> 22:25:25.934921 [http2:debug] h2_session.c(1616): [client 127.0.0.1:36318] AH99994: h2_session(75,BUSY,1): session_read non-blocking readlen 65536 status 70014 (default case) session->io.bytes_read == read_start (103 == 103) returning status 70014
>> 22:25:25.934926 [http2:debug] h2_session.c(1645): (70014)End of file found: [client 127.0.0.1:36318] AH99999: h2_session(75,BUSY,1): h2_session_read non-blocking returning 70014
>> 22:25:25.934931 [http2:debug] h2_session.c(1794): [client 127.0.0.1:36318] AH03401: h2_session(75,BUSY,1): conn error -> shutdown
>> 22:25:25.934938 [http2:debug] h2_session.c(589): [client 127.0.0.1:36318] AH03068: h2_session(75,BUSY,1): sent FRAME[GOAWAY[error=0, reason='', last_stream=1]], frames=3/4 (r/s)
>> I reduced my long list of loaded modules to check whether a filter in some module interacts badly, but the problem still happens with the following modules loaded:
>> mod_mpm_event.so
>> mod_authn_file.so
>> mod_authn_anon.so
>> mod_authn_socache.so
>> mod_authn_core.so
>> mod_authz_host.so
>> mod_authz_groupfile.so
>> mod_authz_user.so
>> mod_authz_owner.so
>> mod_authz_core.so
>> mod_access_compat.so
>> mod_auth_basic.so
>> mod_allowmethods.so
>> mod_socache_shmcb.so
>> mod_watchdog.so
>> mod_macro.so
>> mod_reqtimeout.so
>> mod_filter.so
>> mod_mime.so
>> mod_log_debug.so
>> mod_env.so
>> mod_headers.so
>> mod_unique_id.so
>> mod_setenvif.so
>> mod_version.so
>> mod_remoteip.so
>> mod_slotmem_shm.so
>> mod_slotmem_plain.so
>> mod_ssl.so
>> mod_http2.so
>> mod_unixd.so
>> mod_heartbeat.so
>> mod_heartmonitor.so
>> mod_status.so
>> mod_info.so
>> mod_cgid.so
>> mod_cgi.so
>> mod_dir.so
>> mod_alias.so
>> mod_rewrite.so
>> and the usual test modules:
>> mod_eat_post.so
>> mod_input_body_filter.so
>> mod_test_pass_brigade.so
>> mod_echo_post.so
>> mod_nntp_like.so
>> mod_fold.so
>> mod_client_add_filter.so
>> mod_memory_track.so
>> mod_test_ssl.so
>> mod_test_apr_uri.so
>> mod_list_modules.so
>> mod_random_chunk.so
>> mod_authany.so
>> mod_test_utilities.so
>> mod_echo_post_chunk.so
>> mod_test_rwrite.so
>> mod_mime.so
>> mod_alias.so
>> I don't know how to correctly distinguish a real client gone from a 0 byte non-blocking read.
>> Regards,
>> Rainer
>>>> On 13.10.2018 at 13:14, Rainer Jung <ra...@kippdata.de> wrote:
>>>> 
>>>> Hi Stefan,
>>>> 
>>>> On 10.10.2018 at 16:04, Stefan Eissing wrote:
>>>>>> On 10.10.2018 at 15:06, Joe Orton <jo...@redhat.com> wrote:
>>>>>> 
>>>>>> I believe that t/modules/http2.t is dying in this:
>>>>>> 
>>>>>>     my $old_ref = \&{ 'AnyEvent::TLS::_get_session' };
>>>>>>     *{ 'AnyEvent::TLS::_get_session' } = sub($$;$$) {
>>>>>> 
>>>>>> piece of magic which I don't understand but possibly needs updating for
>>>>>> TLSv1.3? Session handling is different now... everything is broken.
>>>>> I think there was no official way to add SNI to AnyEvent and I had to hack this. Unless anyone has another suggestion, I am in favour of removing the t/modules/http2.t again.
>>>> 
>>>> Note that if I manually send http2 requests using a recent curl, I get failures as well (for 2.4.36).
>>>> 
>>>> The t/modules/http2.t indeed fails for each https test, even the simple first one retrieving / and checking for status 200. One bug seems to me to be in the test script: it fails silently and simply notes at the end that not all tests have run.
>>>> 
>>>> But if I only start the server using "t/TEST -start-httpd" and then run a curl test request against the h2 port 8557, I get failures as well. The server was built with TLS 1.3 support, but the failures occur with a 1.3 client and also with a 1.2 client (different builds of curl). Below, I marked the lines probably indicating the failure with ^^^^^^^^.
>>>> 
>>>> Here are details:
>>>> 
>>>> curl TLS 1.3 client output
>>>> ==========================
>>>> 
>>>> *   Trying 127.0.0.1...
>>>> * TCP_NODELAY set
>>>> * Connected to localhost (127.0.0.1) port 8557 (#0)
>>>> * ALPN, offering h2
>>>> * ALPN, offering http/1.1
>>>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>>>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>>>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>>>> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
>>>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>>>> * TLSv1.3 (IN), TLS handshake, Certificate (11):
>>>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>>>> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
>>>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>>>> * TLSv1.3 (IN), TLS handshake, Finished (20):
>>>> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
>>>> * TLSv1.3 (OUT), TLS handshake, [no content] (0):
>>>> * TLSv1.3 (OUT), TLS handshake, Finished (20):
>>>> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
>>>> * ALPN, server accepted to use h2
>>>> * Server certificate:
>>>> *  subject: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test/rsa-test; CN=localhost; emailAddress=test-dev@httpd.apache.org
>>>> *  start date: Oct 13 08:40:49 2018 GMT
>>>> *  expire date: Oct 13 08:40:49 2019 GMT
>>>> *  issuer: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test; CN=ca; emailAddress=test-dev@httpd.apache.org
>>>> *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
>>>> * Using HTTP2, server supports multi-use
>>>> * Connection state changed (HTTP/2 confirmed)
>>>> * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
>>>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>>>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>>>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>>>> * Using Stream ID: 1 (easy handle 0x26ab080)
>>>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>>>>> GET / HTTP/2
>>>>> Host: localhost:8557
>>>>> User-Agent: curl/7.61.1
>>>>> Accept: */*
>>>>> 
>>>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>>>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>>>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>>>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>>>> * TLSv1.3 (IN), TLS app data, [no content] (0):
>>>> * Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
>>>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>>>> * TLSv1.3 (IN), TLS app data, [no content] (0):
>>>> * TLSv1.3 (IN), TLS alert, [no content] (0):
>>>> * TLSv1.3 (IN), TLS alert, close notify (256):
>>>> * Empty reply from server
>>>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>>>> * Connection #0 to host localhost left intact
>>>> curl: (52) Empty reply from server
>>>> 
>>>> curl TLS 1.3 server error log
>>>> =============================
>>>> 
>>>> 12:37:23.974210 [example_hooks:notice] x_create_connection()
>>>> 12:37:23.974598 [ssl:info] AH01964: Connection to child 66 established (server localhost:8557)
>>>> 12:37:23.974726 [ssl:trace2] ssl_engine_rand.c(126): Server: Seeding PRNG with 144 bytes of entropy
>>>> 12:37:23.974787 [ssl:trace6] ssl_engine_io.c(2077): Enabling non-blocking writes
>>>> 12:37:23.974817 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: Handshake: start
>>>> 12:37:23.974860 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: before SSL initialization
>>>> 12:37:23.974886 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe6900083c3] (BIO dump follows)
>>>> 12:37:23.974917 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 512/512 bytes from BIO#7fe690002b00 [mem: 7fe6900083c8] (BIO dump follows)
>>>> 12:37:23.975115 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: before SSL initialization
>>>> 12:37:23.975181 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found
>>>> 12:37:23.975202 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found
>>>> 12:37:23.975208 [core:debug] protocol.c(2314): AH03155: select protocol from h2,http/1.1, choices=h2,http/1.1 for server localhost
>>>> 12:37:23.975219 [core:debug] protocol.c(2359): AH03156: select protocol, proposals=h2,http/1.1 preferences=h2,http/1.1 configured=h2,http/1.1
>>>> 12:37:23.975224 [core:debug] protocol.c(2377): AH03157: selected protocol=h2
>>>> 12:37:23.975272 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read client hello
>>>> 12:37:23.975567 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write server hello
>>>> 12:37:23.975644 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write change cipher spec
>>>> 12:37:23.975665 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: TLSv1.3 write encrypted extensions
>>>> 12:37:23.977991 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write certificate
>>>> 12:37:23.981471 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: TLSv1.3 write server certificate verify
>>>> 12:37:23.981515 [core:trace8] core_filters.c(580): brigade contains: bytes: 2532, non-file bytes: 2532, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.981527 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 2532/2532 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
>>>> 12:37:23.982723 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:37:23.982729 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 2532, non-file bytes: 2532, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.982734 [core:trace8] core_filters.c(554): flushing now
>>>> 12:37:23.982776 [core:trace8] core_filters.c(569): total bytes written: 2532
>>>> 12:37:23.982783 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.982911 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write finished
>>>> 12:37:23.982924 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: TLSv1.3 early data
>>>> 12:37:23.985161 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690012683] (BIO dump follows)
>>>> 12:37:23.985206 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 1/1 bytes from BIO#7fe690002b00 [mem: 7fe690012688] (BIO dump follows)
>>>> 12:37:23.985226 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690012683] (BIO dump follows)
>>>> 12:37:23.985258 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 69/69 bytes from BIO#7fe690002b00 [mem: 7fe690012688] (BIO dump follows)
>>>> 12:37:23.985318 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: TLSv1.3 early data
>>>> 12:37:23.985395 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read finished
>>>> 12:37:23.985404 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: Handshake: done
>>>> 12:37:23.985434 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
>>>> 12:37:23.985444 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: Handshake: start
>>>> 12:37:23.985588 [core:trace8] core_filters.c(580): brigade contains: bytes: 287, non-file bytes: 287, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.985602 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 287/287 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
>>>> 12:37:23.985747 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:37:23.985751 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 287, non-file bytes: 287, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.985756 [core:trace8] core_filters.c(554): flushing now
>>>> 12:37:23.985801 [core:trace8] core_filters.c(569): total bytes written: 2819
>>>> 12:37:23.985810 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.985817 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write session ticket
>>>> 12:37:23.985823 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: Handshake: done
>>>> 12:37:23.985832 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
>>>> 12:37:23.985836 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: Handshake: start
>>>> 12:37:23.985946 [core:trace8] core_filters.c(580): brigade contains: bytes: 303, non-file bytes: 303, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.985968 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 303/303 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
>>>> 12:37:23.986138 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:37:23.986150 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 303, non-file bytes: 303, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.986154 [core:trace8] core_filters.c(554): flushing now
>>>> 12:37:23.986172 [core:trace8] core_filters.c(569): total bytes written: 3122
>>>> 12:37:23.986177 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.986183 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write session ticket
>>>> 12:37:23.986202 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: Handshake: done
>>>> 12:37:23.986215 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
>>>> 12:37:23.986272 [http2:debug] h2_session.c(924): AH03200: h2_session(66,INIT,0): created, max_streams=100, stream_mem=32768, workers_limit=6, workers_max=37, push_diary(type=1,N=256)
>>>> 12:37:23.986289 [http2:debug] h2_session.c(1017): AH03201: h2_session(66,INIT,0): start, INITIAL_WINDOW_SIZE=65535, MAX_CONCURRENT_STREAMS=100
>>>> 12:37:23.986308 [http2:debug] h2_session.c(2105): AH03079: h2_session(66,INIT,0): started on localhost:8557
>>>> 12:37:23.986314 [http2:debug] h2_session.c(1670): AH03078: h2_session(66,BUSY,0): transit [INIT] -- init --> [BUSY]
>>>> 12:37:23.986343 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
>>>> 12:37:23.986367 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 41/41 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
>>>> 12:37:23.986441 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
>>>> 12:37:23.986472 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 44/44 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
>>>> 12:37:23.986530 [http2:debug] h2_session.c(341): AH03066: h2_session(66,BUSY,0): recv FRAME[SETTINGS[length=18, stream=0]], frames=0/0 (r/s)
>>>> 12:37:23.986544 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
>>>> 12:37:23.986564 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 30/30 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
>>>> 12:37:23.986596 [http2:debug] h2_session.c(341): AH03066: h2_session(66,BUSY,0): recv FRAME[WINDOW_UPDATE[stream=0, incr=1073676289]], frames=1/0 (r/s)
>>>> 12:37:23.986606 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
>>>> 12:37:23.986630 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 56/56 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
>>>> 12:37:23.986684 [http2:debug] h2_stream.c(552): AH03082: h2_stream(66-1,IDLE): created
>>>> 12:37:23.986837 [http2:debug] h2_session.c(341): AH03066: h2_session(66,BUSY,1): recv FRAME[HEADERS[length=30, hend=1, stream=1, eos=1]], frames=2/0 (r/s)
>>>> 12:37:23.986873 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
>>>> 12:37:23.986926 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[SETTINGS[length=6, stream=0]], frames=3/1 (r/s)
>>>> 12:37:23.986937 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[SETTINGS[ack=1, stream=0]], frames=3/2 (r/s)
>>>> 12:37:23.986944 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=3/3 (r/s)
>>>> 12:37:23.986971 [core:trace8] core_filters.c(580): brigade contains: bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.986980 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 59/59 bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
>>>> 12:37:23.987029 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:37:23.987033 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.987037 [core:trace8] core_filters.c(554): flushing now
>>>> 12:37:23.987060 [core:trace8] core_filters.c(569): total bytes written: 3181
>>>> 12:37:23.987066 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.987081 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
>>>> 12:37:23.987097 [http2:debug] h2_session.c(1760): AH03401: h2_session(66,BUSY,1): conn error -> shutdown
>>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>> 
>>>> 12:37:23.987105 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[GOAWAY[error=0, reason='', last_stream=1]], frames=3/4 (r/s)
>>>> 12:37:23.987122 [core:trace8] core_filters.c(580): brigade contains: bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.987130 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 39/39 bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
>>>> 12:37:23.987172 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:37:23.987176 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.987180 [core:trace8] core_filters.c(554): flushing now
>>>> 12:37:23.987195 [core:trace8] core_filters.c(569): total bytes written: 3220
>>>> 12:37:23.987200 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.987205 [http2:debug] h2_session.c(715): AH03069: h2_session(66,BUSY,1): sent GOAWAY, err=0, msg=
>>>> 12:37:23.987212 [http2:debug] h2_session.c(1670): AH03078: h2_session(66,DONE,1): transit [BUSY] -- local goaway --> [DONE]
>>>> 12:37:23.987219 [http2:debug] h2_conn.c(217): (70014)End of file found: AH03045: h2_session(66,DONE,1): process, closing conn
>>>> 12:37:23.987228 [http2:debug] h2_session.c(1670): AH03078: h2_session(66,CLEANUP,1): transit [DONE] -- pre_close --> [CLEANUP]
>>>> 12:37:23.992165 [optional_hook_import:error] AH01866: Optional hook test said: GET / HTTP/2.0
>>>> 12:37:23.992176 [optional_fn_export:error] AH01871: Optional function test said: GET / HTTP/2.0
>>>> 12:37:23.992337 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:37:23.992348 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.992353 [core:trace8] core_filters.c(554): flushing now
>>>> 12:37:23.992357 [core:trace8] core_filters.c(569): total bytes written: 3220
>>>> 12:37:23.992361 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.992387 [core:trace8] core_filters.c(580): brigade contains: bytes: 24, non-file bytes: 24, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.992395 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 24/24 bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
>>>> 12:37:23.992426 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:37:23.992430 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 24, non-file bytes: 24, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.992434 [core:trace8] core_filters.c(554): flushing now
>>>> 12:37:23.992470 [core:trace8] core_filters.c(569): total bytes written: 3244
>>>> 12:37:23.992479 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.992485 [ssl:trace3] ssl_engine_kernel.c(2210): OpenSSL: Write: SSL negotiation finished successfully
>>>> 12:37:23.992491 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:37:23.992495 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.992499 [core:trace8] core_filters.c(554): flushing now
>>>> 12:37:23.992503 [core:trace8] core_filters.c(569): total bytes written: 3244
>>>> 12:37:23.992506 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:37:23.992511 [ssl:debug] ssl_engine_io.c(1105): AH02001: Connection closed to child 66 with standard shutdown (server localhost:8557)
>>>> 12:37:23.992616 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 
>>>> 
>>>> curl TLS 1.2 client output
>>>> ==========================
>>>> 
>>>> *   Trying 127.0.0.1...
>>>> * TCP_NODELAY set
>>>> * Connected to localhost (127.0.0.1) port 8557 (#0)
>>>> * ALPN, offering h2
>>>> * ALPN, offering http/1.1
>>>> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>>>> * TLSv1.2 (IN), TLS handshake, Server hello (2):
>>>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>>>> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>>>> * TLSv1.2 (IN), TLS handshake, Server finished (14):
>>>> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>>>> * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
>>>> * TLSv1.2 (OUT), TLS handshake, Finished (20):
>>>> * TLSv1.2 (IN), TLS handshake, Finished (20):
>>>> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
>>>> * ALPN, server accepted to use h2
>>>> * Server certificate:
>>>> *  subject: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test/rsa-test; CN=localhost; emailAddress=test-dev@httpd.apache.org
>>>> *  start date: Oct 13 08:40:49 2018 GMT
>>>> *  expire date: Oct 13 08:40:49 2019 GMT
>>>> *  issuer: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test; CN=ca; emailAddress=test-dev@httpd.apache.org
>>>> *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
>>>> * Using HTTP2, server supports multi-use
>>>> * Connection state changed (HTTP/2 confirmed)
>>>> * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
>>>> * Using Stream ID: 1 (easy handle 0x1d5e5e0)
>>>>> GET / HTTP/2
>>>>> Host: localhost:8557
>>>>> User-Agent: curl/7.61.1
>>>>> Accept: */*
>>>>> 
>>>> * Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
>>>> * TLSv1.2 (IN), TLS alert, close notify (256):
>>>> * Empty reply from server
>>>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>>>> * Connection #0 to host localhost left intact
>>>> curl: (52) Empty reply from server
>>>> 
>>>> 
>>>> curl TLS 1.2 server error log
>>>> =============================
>>>> 
>>>> 12:43:43.580661 [ssl:info] AH01964: Connection to child 83 established (server localhost:8557)
>>>> 12:43:43.580842 [ssl:trace6] ssl_engine_io.c(2077): Enabling non-blocking writes
>>>> 12:43:43.580885 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: Handshake: start
>>>> 12:43:43.580944 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: before SSL initialization
>>>> 12:43:43.580971 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe678002b00 [mem: 7fe6780083c3] (BIO dump follows)
>>>> 12:43:43.581009 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 512/512 bytes from BIO#7fe678002b00 [mem: 7fe6780083c8] (BIO dump follows)
>>>> 12:43:43.581181 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: before SSL initialization
>>>> 12:43:43.581289 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found
>>>> 12:43:43.581334 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found
>>>> 12:43:43.581343 [core:debug] protocol.c(2314): AH03155: select protocol from h2,http/1.1, choices=h2,http/1.1 for server localhost
>>>> 12:43:43.581352 [core:debug] protocol.c(2359): AH03156: select protocol, proposals=h2,http/1.1 preferences=h2,http/1.1 configured=h2,http/1.1
>>>> 12:43:43.581366 [core:debug] protocol.c(2377): AH03157: selected protocol=h2
>>>> 12:43:43.581374 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read client hello
>>>> 12:43:43.581415 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write server hello
>>>> 12:43:43.581877 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write certificate
>>>> 12:43:43.584573 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write key exchange
>>>> 12:43:43.584595 [core:trace8] core_filters.c(580): brigade contains: bytes: 2398, non-file bytes: 2398, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.584605 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 2398/2398 bytes to BIO#7fe678002a40 [mem: 7fe678011670] (BIO dump follows)
>>>> 12:43:43.585620 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:43:43.585624 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 2398, non-file bytes: 2398, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.585634 [core:trace8] core_filters.c(554): flushing now
>>>> 12:43:43.585682 [core:trace8] core_filters.c(569): total bytes written: 2398
>>>> 12:43:43.585690 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.585696 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write server done
>>>> 12:43:43.587042 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe678002b00 [mem: 7fe6780127c3] (BIO dump follows)
>>>> 12:43:43.587078 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 70/70 bytes from BIO#7fe678002b00 [mem: 7fe6780127c8] (BIO dump follows)
>>>> 12:43:43.587126 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write server done
>>>> 12:43:43.587435 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe678002b00 [mem: 7fe678012683] (BIO dump follows)
>>>> 12:43:43.587470 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 1/1 bytes from BIO#7fe678002b00 [mem: 7fe678012688] (BIO dump follows)
>>>> 12:43:43.587489 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read client key exchange
>>>> 12:43:43.587541 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe678002b00 [mem: 7fe678012683] (BIO dump follows)
>>>> 12:43:43.587561 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 40/40 bytes from BIO#7fe678002b00 [mem: 7fe678012688] (BIO dump follows)
>>>> 12:43:43.587595 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read change cipher spec
>>>> 12:43:43.587624 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read finished
>>>> 12:43:43.587648 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write change cipher spec
>>>> 12:43:43.587686 [core:trace8] core_filters.c(580): brigade contains: bytes: 51, non-file bytes: 51, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.587694 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 51/51 bytes to BIO#7fe678002a40 [mem: 7fe678011670] (BIO dump follows)
>>>> 12:43:43.587737 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:43:43.587740 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 51, non-file bytes: 51, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.587744 [core:trace8] core_filters.c(554): flushing now
>>>> 12:43:43.587779 [core:trace8] core_filters.c(569): total bytes written: 2449
>>>> 12:43:43.587787 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.587792 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write finished
>>>> 12:43:43.587831 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: Handshake: done
>>>> 12:43:43.587848 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>>>> 12:43:43.587888 [http2:debug] h2_session.c(924): AH03200: h2_session(83,INIT,0): created, max_streams=100, stream_mem=32768, workers_limit=6, workers_max=37, push_diary(type=1,N=256)
>>>> 12:43:43.587902 [http2:debug] h2_session.c(1017): AH03201: h2_session(83,INIT,0): start, INITIAL_WINDOW_SIZE=65535, MAX_CONCURRENT_STREAMS=100
>>>> 12:43:43.587912 [http2:debug] h2_session.c(2105): AH03079: h2_session(83,INIT,0): started on localhost:8557
>>>> 12:43:43.587916 [http2:debug] h2_session.c(1670): AH03078: h2_session(83,BUSY,0): transit [INIT] -- init --> [BUSY]
>>>> 12:43:43.587944 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7fe678002b00 [mem: 7fe678014563] (BIO dump follows)
>>>> 12:43:43.587972 [http2:debug] h2_session.c(1760): AH03401: h2_session(83,BUSY,0): conn error -> shutdown
>>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>> 
>>>> 12:43:43.587985 [http2:debug] h2_session.c(589): AH03068: h2_session(83,BUSY,0): sent FRAME[SETTINGS[length=6, stream=0]], frames=0/1 (r/s)
>>>> 12:43:43.587992 [http2:debug] h2_session.c(589): AH03068: h2_session(83,BUSY,0): sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=0/2 (r/s)
>>>> 12:43:43.587998 [http2:debug] h2_session.c(589): AH03068: h2_session(83,BUSY,0): sent FRAME[GOAWAY[error=0, reason='', last_stream=0]], frames=0/3 (r/s)
>>>> 12:43:43.588029 [core:trace8] core_filters.c(580): brigade contains: bytes: 74, non-file bytes: 74, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.588044 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 74/74 bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
>>>> 12:43:43.588090 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:43:43.588093 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 74, non-file bytes: 74, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.588097 [core:trace8] core_filters.c(554): flushing now
>>>> 12:43:43.588112 [core:trace8] core_filters.c(569): total bytes written: 2523
>>>> 12:43:43.588117 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.588122 [http2:debug] h2_session.c(715): AH03069: h2_session(83,BUSY,0): sent GOAWAY, err=0, msg=
>>>> 12:43:43.588128 [http2:debug] h2_session.c(1670): AH03078: h2_session(83,DONE,0): transit [BUSY] -- local goaway --> [DONE]
>>>> 12:43:43.588136 [http2:debug] h2_conn.c(217): (70014)End of file found: AH03045: h2_session(83,DONE,0): process, closing conn
>>>> 12:43:43.588147 [http2:debug] h2_session.c(1670): AH03078: h2_session(83,CLEANUP,0): transit [DONE] -- pre_close --> [CLEANUP]
>>>> 12:43:43.588163 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:43:43.588168 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.588171 [core:trace8] core_filters.c(554): flushing now
>>>> 12:43:43.588174 [core:trace8] core_filters.c(569): total bytes written: 2523
>>>> 12:43:43.588177 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.588188 [core:trace8] core_filters.c(580): brigade contains: bytes: 31, non-file bytes: 31, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.588194 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 31/31 bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
>>>> 12:43:43.588219 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:43:43.588222 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 31, non-file bytes: 31, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.588226 [core:trace8] core_filters.c(554): flushing now
>>>> 12:43:43.588239 [core:trace8] core_filters.c(569): total bytes written: 2554
>>>> 12:43:43.588244 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.588249 [ssl:trace3] ssl_engine_kernel.c(2210): OpenSSL: Write: SSL negotiation finished successfully
>>>> 12:43:43.588253 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>>>> 12:43:43.588257 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.588260 [core:trace8] core_filters.c(554): flushing now
>>>> 12:43:43.588263 [core:trace8] core_filters.c(569): total bytes written: 2554
>>>> 12:43:43.588269 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 12:43:43.588275 [ssl:debug] ssl_engine_io.c(1105): AH02001: Connection closed to child 83 with standard shutdown (server localhost:8557)
>>>> 12:43:43.588295 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>> 
>>>> Could it be that the ssl read directly above the conn error detected is the culprit? It reads 0 bytes. Maybe we are in h2_session.c in this block:
>>>> 
>>>>             case H2_SESSION_ST_BUSY:
>>>>                 if (nghttp2_session_want_read(session->ngh2)) {
>>>>                     ap_update_child_status(session->c->sbh, SERVER_BUSY_READ, NULL);
>>>>                     h2_filter_cin_timeout_set(session->cin, session->s->timeout);
>>>>                     status = h2_session_read(session, 0);
>>>>                     if (status == APR_SUCCESS) {
>>>>                         session->have_read = 1;
>>>>                     }
>>>>                     else if (status == APR_EAGAIN) {
>>>>                         /* nothing to read */
>>>>                     }
>>>>                     else if (APR_STATUS_IS_TIMEUP(status)) {
>>>>                         dispatch_event(session, H2_SESSION_EV_CONN_TIMEOUT, 0, NULL);
>>>>                         break;
>>>>                     }
>>>>                     else {
>>>>                         dispatch_event(session, H2_SESSION_EV_CONN_ERROR, 0, NULL);
>>>>                     }
>>>>                 }
>>>> 
>>>> and maybe h2_session_read() (using session_read()) returns an unexpected result code? Although I must confess, this is speculation and I don't really see where this could happen.
>>>> 
>>>> Regards,
>>>> 
>>>> Rainer


h2 broken in 2.4.36 with OpenSSL 1.1.1? Related to SSL_MODE_AUTO_RETRY?

Posted by Rainer Jung <ra...@kippdata.de>.
It seems the h2 failure only happens when building httpd against OpenSSL 
1.1.1 (independent of TLS version used). I did a quick check with an 
httpd build against 1.1.0i and there the same vhost of the test 
framework instance worked with the same clients, that failed for 1.1.1.

The client side OpenSSL version seems not to matter.

When using 1.1.1 in the server even browsers seem to fail with h2.

Anyone who can successfully use h2 with 2.4.36 built against OpenSSL 1.1.1?

When comparing trace logs between the 1.1.1 server and the 1.1.0i 
server, one can see that a failing OpenSSL read (0 bytes) results in 
APR_EOF (70014) for 1.1.1 but in errno 11 (EAGAIN) for 1.1.0i. I wonder 
whether this is due to the new SSL_MODE_AUTO_RETRY and maybe the 
following change:

+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+    /* For OpenSSL >=1.1.1, disable auto-retry mode so it's possible
+     * to consume handshake records without blocking for app-data.
+     * https://github.com/openssl/openssl/issues/7178 */
+    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
+#endif
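
Review bot: the comment above SSL_CTX_clear_mode() says why auto-retry is cleared but not what that obliges callers to handle: once the flag is off, a read can return without application data after a handshake record has been consumed, and that outcome has to be reported as retryable rather than as end of stream. Suggest stating this in the comment and checking the non-blocking read path for that case. The OPENSSL_VERSION_NUMBER guard is also a compile-time test, so a binary built against older headers and run with a 1.1.1 library would keep the library's default mode.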

The logs:

< OpenSSL 1.1.1
 > OpenSSL 1.1.0i

< 23:35:16.021201  h2_session.c(1704): AH03078: h2_session(81,BUSY,0): 
transit [INIT] -- init --> [BUSY]
 > 23:39:55.715439  h2_session.c(1670): AH03078: h2_session(66,BUSY,0): 
transit [INIT] -- init --> [BUSY]

Some additional early stuff for 1.1.0i

 > 23:39:55.715448 h2_filter.c(145): h2_session(66): read, 
NONBLOCK_READ, mode=0, readbytes=65536
 > 23:39:55.715470 ssl_engine_io.c(2222): OpenSSL: I/O error, 5 bytes 
expected to read on BIO#7efee0005280 [mem: 7efee0014ee3]
 > 23:39:55.715480 h2_filter.c(190): (11)Resource temporarily 
unavailable: h2_session(66): read
 > 23:39:55.715508 h2_mplx.c(1240): h2_mplx(66): dispatch events
 > 23:39:55.715536 h2_session.c(589): AH03068: h2_session(66,BUSY,0): 
sent FRAME[SETTINGS[length=6, stream=0]], frames=0/1 (r/s)
 > 23:39:55.715548 h2_session.c(589): AH03068: h2_session(66,BUSY,0): 
sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=0/2 (r/s)
 > 23:39:55.715565 h2_conn_io.c(122): h2_session(66)-out: heap[28] flush
 > 23:39:55.715590 core_filters.c(580): brigade contains: bytes: 57, 
non-file bytes: 57, eor buckets: 0, morphing buckets: 0
 > 23:39:55.715598 ssl_engine_io.c(2213): OpenSSL: write 57/57 bytes to 
BIO#7efee00021b0 [mem: 7efee0014ee3]
 > 23:39:55.715648 core_filters.c(525): will flush because of FLUSH bucket
 > 23:39:55.715653 core_filters.c(535): seen in brigade so far: bytes: 
57, non-file bytes: 57, eor buckets: 0, morphing buckets: 0
 > 23:39:55.715657 core_filters.c(554): flushing now
 > 23:39:55.715683 core_filters.c(569): total bytes written: 2466
 > 23:39:55.715690 core_filters.c(580): brigade contains: bytes: 0, 
non-file bytes: 0, eor buckets: 0, morphing buckets: 0

Then many things identical

< 23:35:16.021217 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ, 
mode=0, readbytes=65536
 > 23:39:55.715697 h2_filter.c(145): h2_session(66): read, 
NONBLOCK_READ, mode=0, readbytes=65536
< 23:35:16.021252 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from 
BIO#7f1d04002b10 [mem: 7f1d040145a3]
< 23:35:16.021277 ssl_engine_io.c(2213): OpenSSL: read 41/41 bytes from 
BIO#7f1d04002b10 [mem: 7f1d040145a8]
< 23:35:16.021318 h2_filter.c(93): bb_dump(81): RAW_in(TRANSIENT[24])
< 23:35:16.021340 h2_filter.c(64): h2_session(81,BUSY,0): fed 24 bytes 
to nghttp2, 24 read
 > 23:39:55.715713 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from 
BIO#7efee0005280 [mem: 7efee0014ee3]
 > 23:39:55.715734 ssl_engine_io.c(2213): OpenSSL: read 48/48 bytes from 
BIO#7efee0005280 [mem: 7efee0014ee8]
 > 23:39:55.715774 h2_filter.c(93): bb_dump(66): RAW_in(TRANSIENT[24])
 > 23:39:55.715786 h2_filter.c(64): h2_session(66,BUSY,0): fed 24 bytes 
to nghttp2, 24 read
< 23:35:16.021355 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ, 
mode=0, readbytes=65536
< 23:35:16.021364 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from 
BIO#7f1d04002b10 [mem: 7f1d040145a3]
< 23:35:16.021384 ssl_engine_io.c(2213): OpenSSL: read 44/44 bytes from 
BIO#7f1d04002b10 [mem: 7f1d040145a8]
< 23:35:16.021428 h2_filter.c(93): bb_dump(81): RAW_in(TRANSIENT[27])
< 23:35:16.021442 h2_session.c(341): AH03066: h2_session(81,BUSY,0): 
recv FRAME[SETTINGS[length=18, stream=0]], frames=0/0 (r/s)
< 23:35:16.021447 h2_session.c(414): h2_session(81,BUSY,0): SETTINGS, len=18
 > 23:39:55.715792 h2_filter.c(145): h2_session(66): read, 
NONBLOCK_READ, mode=0, readbytes=65536
 > 23:39:55.715804 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from 
BIO#7efee0005280 [mem: 7efee0014ee3]
 > 23:39:55.715825 ssl_engine_io.c(2213): OpenSSL: read 51/51 bytes from 
BIO#7efee0005280 [mem: 7efee0014ee8]
 > 23:39:55.715897 h2_filter.c(93): bb_dump(66): RAW_in(TRANSIENT[27])
 > 23:39:55.715926 h2_session.c(341): AH03066: h2_session(66,BUSY,0): 
recv FRAME[SETTINGS[length=18, stream=0]], frames=0/2 (r/s)
 > 23:39:55.715934 h2_session.c(414): h2_session(66,BUSY,0): SETTINGS, 
len=18
< 23:35:16.021451 h2_filter.c(64): h2_session(81,BUSY,0): fed 27 bytes 
to nghttp2, 27 read
< 23:35:16.021464 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ, 
mode=0, readbytes=65536
< 23:35:16.021471 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from 
BIO#7f1d04002b10 [mem: 7f1d040145a3]
< 23:35:16.021491 ssl_engine_io.c(2213): OpenSSL: read 30/30 bytes from 
BIO#7f1d04002b10 [mem: 7f1d040145a8]
< 23:35:16.021535 h2_filter.c(93): bb_dump(81): RAW_in(TRANSIENT[13])
< 23:35:16.021542 h2_session.c(341): AH03066: h2_session(81,BUSY,0): 
recv FRAME[WINDOW_UPDATE[stream=0, incr=1073676289]], frames=1/0 (r/s)
 > 23:39:55.715939 h2_filter.c(64): h2_session(66,BUSY,0): fed 27 bytes 
to nghttp2, 27 read
 > 23:39:55.715943 h2_filter.c(145): h2_session(66): read, 
NONBLOCK_READ, mode=0, readbytes=65536
 > 23:39:55.715953 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from 
BIO#7efee0005280 [mem: 7efee0014ee3]
 > 23:39:55.715973 ssl_engine_io.c(2213): OpenSSL: read 37/37 bytes from 
BIO#7efee0005280 [mem: 7efee0014ee8]
 > 23:39:55.716015 h2_filter.c(93): bb_dump(66): RAW_in(TRANSIENT[13])
 > 23:39:55.716024 h2_session.c(341): AH03066: h2_session(66,BUSY,0): 
recv FRAME[WINDOW_UPDATE[stream=0, incr=1073676289]], frames=1/2 (r/s)
< 23:35:16.021547 h2_session.c(381): h2_stream(81-0): WINDOW_UPDATE 
incr=1073676289
< 23:35:16.021552 h2_filter.c(64): h2_session(81,BUSY,0): fed 13 bytes 
to nghttp2, 13 read
< 23:35:16.021563 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ, 
mode=0, readbytes=65536
< 23:35:16.021571 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from 
BIO#7f1d04002b10 [mem: 7f1d040145a3]
< 23:35:16.021591 ssl_engine_io.c(2213): OpenSSL: read 56/56 bytes from 
BIO#7f1d04002b10 [mem: 7f1d040145a8]
< 23:35:16.021632 h2_filter.c(93): bb_dump(81): RAW_in(TRANSIENT[39])
 > 23:39:55.716029 h2_session.c(381): h2_stream(66-0): WINDOW_UPDATE 
incr=1073676289
 > 23:39:55.716034 h2_filter.c(64): h2_session(66,BUSY,0): fed 13 bytes 
to nghttp2, 13 read
 > 23:39:55.716039 h2_filter.c(145): h2_session(66): read, 
NONBLOCK_READ, mode=0, readbytes=65536
 > 23:39:55.716045 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from 
BIO#7efee0005280 [mem: 7efee0014ee3]
 > 23:39:55.716065 ssl_engine_io.c(2213): OpenSSL: read 63/63 bytes from 
BIO#7efee0005280 [mem: 7efee0014ee8]
 > 23:39:55.716114 h2_filter.c(93): bb_dump(66): RAW_in(TRANSIENT[39])
< 23:35:16.021652 h2_stream.c(552): AH03082: h2_stream(81-1,IDLE): created
< 23:35:16.021665 h2_session.c(1960): h2_stream(81-1,IDLE): entered state
< 23:35:16.021699 h2_session.c(341): AH03066: h2_session(81,BUSY,1): 
recv FRAME[HEADERS[length=30, hend=1, stream=1, eos=1]], frames=2/0 (r/s)
< 23:35:16.021709 h2_stream.c(302): h2_stream(81-1,IDLE): transit to [OPEN]
 > 23:39:55.716138 h2_stream.c(552): AH03082: h2_stream(66-1,IDLE): created
 > 23:39:55.716146 h2_session.c(1926): h2_stream(66-1,IDLE): entered state
 > 23:39:55.716185 h2_session.c(341): AH03066: h2_session(66,BUSY,1): 
recv FRAME[HEADERS[length=30, hend=1, stream=1, eos=1]], frames=2/2 (r/s)
 > 23:39:55.716197 h2_stream.c(302): h2_stream(66-1,IDLE): transit to [OPEN]
< 23:35:16.021714 h2_session.c(1960): h2_stream(81-1,OPEN): entered state
< 23:35:16.021732 h2_stream.c(302): h2_stream(81-1,OPEN): transit to 
[HALF_CLOSED_REMOTE]
< 23:35:16.021736 h2_stream.c(211): h2_stream(81-1,HALF_CLOSED_REMOTE): 
closing input
< 23:35:16.021740 h2_session.c(1960): 
h2_stream(81-1,HALF_CLOSED_REMOTE): entered state
 > 23:39:55.716201 h2_session.c(1926): h2_stream(66-1,OPEN): entered state
 > 23:39:55.716206 h2_stream.c(302): h2_stream(66-1,OPEN): transit to 
[HALF_CLOSED_REMOTE]
 > 23:39:55.716210 h2_stream.c(211): h2_stream(66-1,HALF_CLOSED_REMOTE): 
closing input
 > 23:39:55.716214 h2_session.c(1926): 
h2_stream(66-1,HALF_CLOSED_REMOTE): entered state
< 23:35:16.021744 h2_filter.c(64): h2_session(81,BUSY,1): fed 39 bytes 
to nghttp2, 39 read
< 23:35:16.021757 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ, 
mode=0, readbytes=65536
 > 23:39:55.716219 h2_filter.c(64): h2_session(66,BUSY,1): fed 39 bytes 
to nghttp2, 39 read
 > 23:39:55.716224 h2_filter.c(145): h2_session(66): read, 
NONBLOCK_READ, mode=0, readbytes=65536

Again some additional stuff for 1.1.0i

 > 23:39:55.716254 ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from 
BIO#7efee0005280 [mem: 7efee0014ee3]
 > 23:39:55.716277 ssl_engine_io.c(2213): OpenSSL: read 33/33 bytes from 
BIO#7efee0005280 [mem: 7efee0014ee8]
 > 23:39:55.716320 h2_filter.c(93): bb_dump(66): RAW_in(TRANSIENT[9])
 > 23:39:55.716328 h2_session.c(341): AH03066: h2_session(66,BUSY,1): 
recv FRAME[SETTINGS[ack=1, stream=0]], frames=3/2 (r/s)
 > 23:39:55.716333 h2_session.c(414): h2_session(66,BUSY,1): SETTINGS, len=0
 > 23:39:55.716337 h2_filter.c(64): h2_session(66,BUSY,1): fed 9 bytes 
to nghttp2, 9 read
 > 23:39:55.716341 h2_filter.c(145): h2_session(66): read, 
NONBLOCK_READ, mode=0, readbytes=65536

And now differences, 1.1.1 gets 0 bytes but 70014 (APR_EOF), 1.1.0i 0 
bytes but 11 (EAGAIN?)

< 23:35:16.021774 ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from 
BIO#7f1d04002b10 [mem: 7f1d040165b3]
< 23:35:16.021790 h2_filter.c(190): (70014)End of file found: 
h2_session(81): read
< 23:35:16.021809 h2_stream.c(594): h2_stream(81-1,HALF_CLOSED_REMOTE): 
schedule GET https://localhost:8557/ chunked=0
< 23:35:16.021841 h2_mplx.c(703): h2_stream(81-1,HALF_CLOSED_REMOTE): 
process, added to q
< 23:35:16.021872 h2_mplx.c(1240): h2_mplx(81): dispatch events
 > 23:39:55.716352 ssl_engine_io.c(2222): OpenSSL: I/O error, 5 bytes 
expected to read on BIO#7efee0005280 [mem: 7efee0014ee3]
 > 23:39:55.716359 h2_filter.c(190): (11)Resource temporarily 
unavailable: h2_session(66): read
 > 23:39:55.716368 h2_stream.c(594): h2_stream(66-1,HALF_CLOSED_REMOTE): 
schedule GET https://localhost:8557/ chunked=0
 > 23:39:55.716400 h2_mplx.c(703): h2_stream(66-1,HALF_CLOSED_REMOTE): 
process, added to q
 > 23:39:55.716408 h2_mplx.c(1240): h2_mplx(66): dispatch events

< 23:35:16.021879 SLAVE h2_conn.c(271): h2_stream(81-1): create slave

< 23:35:16.021895 h2_session.c(589): AH03068: h2_session(81,BUSY,1): 
sent FRAME[SETTINGS[length=6, stream=0]], frames=3/1 (r/s)
< 23:35:16.021905 h2_session.c(589): AH03068: h2_session(81,BUSY,1): 
sent FRAME[SETTINGS[ack=1, stream=0]], frames=3/2 (r/s)
< 23:35:16.021911 h2_session.c(589): AH03068: h2_session(81,BUSY,1): 
sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=3/3 (r/s)

 > 23:39:55.716416 h2_session.c(589): AH03068: h2_session(66,BUSY,1): 
sent FRAME[SETTINGS[ack=1, stream=0]], frames=4/3 (r/s)

< 23:35:16.022541 h2_conn_io.c(122): h2_session(81)-out: heap[37] flush
< 23:35:16.022573 core_filters.c(580): brigade contains: bytes: 59, 
non-file bytes: 59, eor buckets: 0, morphing buckets: 0
< 23:35:16.022591 ssl_engine_io.c(2213): OpenSSL: write 59/59 bytes to 
BIO#7f1d04002a50 [mem: 7f1d0400c443]
< 23:35:16.022613 SLAVE h2_conn.c(336): h2_stream(81-1): created slave
< 23:35:16.022635 core_filters.c(525): will flush because of FLUSH bucket
 > 23:39:55.716425 h2_conn_io.c(122): h2_session(66)-out: heap[9] flush
 > 23:39:55.716437 core_filters.c(580): brigade contains: bytes: 38, 
non-file bytes: 38, eor buckets: 0, morphing buckets: 0
 > 23:39:55.716444 ssl_engine_io.c(2213): OpenSSL: write 38/38 bytes to 
BIO#7efee00021b0 [mem: 7efee0014ee3]
 > 23:39:55.716443 SLAVE h2_conn.c(271): h2_stream(66-1): create slave
 > 23:39:55.716481 core_filters.c(525): will flush because of FLUSH bucket

< 23:35:16.022636 SLAVE h2_task.c(507): h2_h2, pre_connection, found 
stream task

< 23:35:16.022639 core_filters.c(535): seen in brigade so far: bytes: 
59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
 > 23:39:55.716485 core_filters.c(535): seen in brigade so far: bytes: 
38, non-file bytes: 38, eor buckets: 0, morphing buckets: 0

 > 23:39:55.716490 SLAVE h2_conn.c(336): h2_stream(66-1): created slave

< 23:35:16.022643 core_filters.c(554): flushing now
 > 23:39:55.716497 core_filters.c(554): flushing now

< 23:35:16.022656 SLAVE h2_task.c(632): h2_task(81-1): process connection
< 23:35:16.022662 SLAVE h2_task.c(731): h2_h2, processing request directly

 > 23:39:55.716512 SLAVE h2_task.c(507): h2_h2, pre_connection, found 
stream task

< 23:35:16.022664 core_filters.c(569): total bytes written: 3181
 > 23:39:55.716525 core_filters.c(569): total bytes written: 2504

< 23:35:16.022666 SLAVE h2_task.c(658): h2_task(81-1): create request_rec

< 23:35:16.022670 core_filters.c(580): brigade contains: bytes: 0, 
non-file bytes: 0, eor buckets: 0, morphing buckets: 0
 > 23:39:55.716532 core_filters.c(580): brigade contains: bytes: 0, 
non-file bytes: 0, eor buckets: 0, morphing buckets: 0

 > 23:39:55.716537 SLAVE h2_task.c(632): h2_task(66-1): process connection

< 23:35:16.022689 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ, 
mode=0, readbytes=65536
 > 23:39:55.716539 h2_filter.c(145): h2_session(66): read, 
NONBLOCK_READ, mode=0, readbytes=65536

 > 23:39:55.716543 SLAVE h2_task.c(731): h2_h2, processing request directly
 > 23:39:55.716548 SLAVE h2_task.c(658): h2_task(66-1): create request_rec

Again 70014 versus 11 when no bytes could be read:

< 23:35:16.022702 ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from 
BIO#7f1d04002b10 [mem: 7f1d040165b3]
< 23:35:16.022718 h2_filter.c(190): (70014)End of file found: 
h2_session(81): read
 > 23:39:55.716551 ssl_engine_io.c(2222): OpenSSL: I/O error, 5 bytes 
expected to read on BIO#7efee0005280 [mem: 7efee0014ee3]
 > 23:39:55.716559 h2_filter.c(190): (11)Resource temporarily 
unavailable: h2_session(66): read

< 23:35:16.022692 [example_hooks:notice] SLAVE x_create_request()
 > 23:39:55.716571 [example_hooks:notice] SLAVE x_create_request()

And here resulting in GOAWAY versus WAIT:

< 23:35:16.022730 h2_session.c(1605): (70014)End of file found: 
h2_session(81,BUSY,1): input gone
< 23:35:16.022745  h2_session.c(1794): AH03401: h2_session(81,BUSY,1): 
conn error -> shutdown
< 23:35:16.022753  h2_session.c(589): AH03068: h2_session(81,BUSY,1): 
sent FRAME[GOAWAY[error=0, reason='', last_stream=1]], frames=3/4 (r/s)
< 23:35:16.022762 h2_conn_io.c(122): h2_session(81)-out: heap[17] flush
< 23:35:16.022775 core_filters.c(580): brigade contains: bytes: 39, 
non-file bytes: 39, eor buckets: 0, morphing buckets: 0
< 23:35:16.022783 ssl_engine_io.c(2213): OpenSSL: write 39/39 bytes to 
BIO#7f1d04002a50 [mem: 7f1d0400c443]

 > 23:39:55.716567 h2_mplx.c(1240): h2_mplx(66): dispatch events
 > 23:39:55.716572 h2_session.c(1796): h2_session(66,BUSY,1): NO_IO 
event, 1 streams open
 > 23:39:55.716579 h2_session.c(1670): AH03078: h2_session(66,WAIT,1): 
transit [BUSY] -- no io --> [WAIT]
 > 23:39:55.716584 h2_session.c(2283): h2_session: wait for data, 10 micros

SLAVES looking OK

< 23:35:16.022736 SLAVE h2_h2.c(722): h2_task(81-1): adding request filters
 > 23:39:55.716598 SLAVE h2_h2.c(722): h2_task(66-1): adding request filters

< 23:35:16.022782 SLAVE ssl_engine_kernel.c(383): AH02034: Subsequent 
(No.2) HTTPS request received for child 347892350977 (server localhost:8557)
< 23:35:16.022799 SLAVE h2_task.c(676): h2_task(81-1): start process_request
< 23:35:16.022811 [http:trace4] SLAVE http_request.c(437): Headers 
received from client:
< 23:35:16.022817 [http:trace4] SLAVE http_request.c(441):   User-Agent: 
curl/7.61.1
< 23:35:16.022822 [http:trace4] SLAVE http_request.c(441):   Accept: */*
 > 23:39:55.716635 SLAVE ssl_engine_kernel.c(383): AH02034: Subsequent 
(No.2) HTTPS request received for child 283467841537 (server localhost:8557)
 > 23:39:55.716646 SLAVE h2_task.c(676): h2_task(66-1): start 
process_request
 > 23:39:55.716652 [http:trace4] SLAVE http_request.c(437): Headers 
received from client:
 > 23:39:55.716658 [http:trace4] SLAVE http_request.c(441): 
User-Agent: curl/7.61.1
 > 23:39:55.716661 [http:trace4] SLAVE http_request.c(441):   Accept: */*
 > 23:39:55.716665 [http:trace4] SLAVE http_request.c(441):   Host: 
localhost:8557

But then failure (empty result) for 1.1.1 due to GOAWAY

< 23:35:16.022824 core_filters.c(525): will flush because of FLUSH bucket
< 23:35:16.022825 [http:trace4] SLAVE http_request.c(441):   Host: 
localhost:8557
< 23:35:16.022828 core_filters.c(535): seen in brigade so far: bytes: 
39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
< 23:35:16.022833 core_filters.c(554): flushing now
< 23:35:16.022874 core_filters.c(569): total bytes written: 3220
< 23:35:16.022882 core_filters.c(580): brigade contains: bytes: 0, 
non-file bytes: 0, eor buckets: 0, morphing buckets: 0
< 23:35:16.022887  h2_session.c(715): AH03069: h2_session(81,BUSY,1): 
sent GOAWAY, err=0, msg=
< 23:35:16.022895  h2_session.c(1704): AH03078: h2_session(81,DONE,1): 
transit [BUSY] -- local goaway --> [DONE]
< 23:35:16.022900 h2_mplx.c(1240): h2_mplx(81): dispatch events
< 23:35:16.022905 h2_session.c(2364): h2_session(81,DONE,1): process returns
< 23:35:16.022909  h2_conn.c(217): (70014)End of file found: AH03045: 
h2_session(81,DONE,1): process, closing conn
< 23:35:16.022916 h2_session.c(2382): h2_session(81,DONE,1): pre_close
< 23:35:16.022920 h2_session.c(725): h2_session(81,DONE,1): pool_cleanup
< 23:35:16.022924  h2_session.c(1704): AH03078: 
h2_session(81,CLEANUP,1): transit [DONE] -- pre_close --> [CLEANUP]
< 23:35:16.022929 h2_stream.c(612): h2_stream(81-1,HALF_CLOSED_REMOTE): 
reset, error=0
< 23:35:16.022941 h2_stream.c(344): h2_stream(81-1,HALF_CLOSED_REMOTE): 
dispatch event 2
< 23:35:16.022945 h2_stream.c(302): h2_stream(81-1,HALF_CLOSED_REMOTE): 
transit to [CLOSED]
< 23:35:16.022949 h2_stream.c(211): h2_stream(81-1,CLOSED): closing input
< 23:35:16.022953 h2_stream.c(344): h2_stream(81-1,CLOSED): dispatch event 3
< 23:35:16.022957 h2_stream.c(302): h2_stream(81-1,CLOSED): transit to 
[CLEANUP]
< 23:35:16.022963 h2_ngn_shed.c(144): AH03394: h2_ngn_shed(81): abort

Whereas 1.1.0i proceeds processing and sends the result back
...


Regards,

Rainer
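
The GOAWAY-versus-WAIT comparison in the message above can be automated when traces from several builds have to be compared. The following Python triage script is an added example, not part of the original post or of httpd; it runs over a constructed sample in the thread's trace format, and the function names (`entries`, `triage`, `suspects`) and verdict labels are assumptions made for the example.

```python
import re
from collections import OrderedDict

APR_EOF = 70014  # "(70014)End of file found" in the traces above
EAGAIN = 11      # "(11)Resource temporarily unavailable"

# Constructed sample in the trace format quoted in this thread: "<" marks one
# server build, ">" the other, and long entries wrap onto a second line the
# way the mail client left them. BIO addresses are placeholders.
SAMPLE_LOG = """\
< 23:35:16.021757 h2_filter.c(145): h2_session(81): read, NONBLOCK_READ,
mode=0, readbytes=65536
 > 23:39:55.716224 h2_filter.c(145): h2_session(66): read,
NONBLOCK_READ, mode=0, readbytes=65536

And now differences

< 23:35:16.021774 ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from
BIO#0 [mem: 0]
< 23:35:16.021790 h2_filter.c(190): (70014)End of file found:
h2_session(81): read
 > 23:39:55.716352 ssl_engine_io.c(2222): OpenSSL: I/O error, 5 bytes
expected to read on BIO#0 [mem: 0]
 > 23:39:55.716359 h2_filter.c(190): (11)Resource temporarily
unavailable: h2_session(66): read
< 23:35:16.022745 h2_session.c(1794): AH03401: h2_session(81,BUSY,1):
conn error -> shutdown
< 23:35:16.022753 h2_session.c(589): AH03068: h2_session(81,BUSY,1):
sent FRAME[GOAWAY[error=0, reason='', last_stream=1]], frames=3/4 (r/s)
 > 23:39:55.716579 h2_session.c(1670): AH03078: h2_session(66,WAIT,1):
transit [BUSY] -- no io --> [WAIT]
"""

ENTRY_RE = re.compile(r"^[<>\s]*(\d{2}:\d{2}:\d{2}\.\d+)\s+(.*)$")
# Status of one input read: "(70014)End of file found: h2_session(81): read"
READ_RE = re.compile(
    r"\((\d+)\)[^:]*: (?:\[client [^\]]+\] )?h2_session\((\d+)\): read$")
# Session lines carry (id, state, open streams): "h2_session(81,BUSY,1): ..."
STATE_RE = re.compile(r"h2_session\((\d+),(\w+),(\d+)\): (.*)$")
GOAWAY_RE = re.compile(r"sent FRAME\[GOAWAY\[.*?last_stream=(\d+)")


def entries(text):
    """Yield (timestamp, message), rejoining mail-wrapped continuation lines."""
    current = None
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), m.group(2).strip()]
        elif not raw.strip():
            # A blank line ends the entry; commentary after it is skipped.
            if current:
                yield tuple(current)
            current = None
        elif current:
            current[1] += " " + raw.strip()
    if current:
        yield tuple(current)


def triage(text):
    """Return {session_id: record} describing how each session's read ended."""
    sessions = OrderedDict()

    def record(sid):
        return sessions.setdefault(sid, {
            "last_read_status": None, "verdict": "incomplete",
            "open_streams": None, "goaway_last_stream": None, "at": None})

    for ts, msg in entries(text):
        m = READ_RE.search(msg)
        if m:
            record(m.group(2))["last_read_status"] = int(m.group(1))
            continue
        m = STATE_RE.search(msg)
        if not m:
            continue
        sid, _state, streams, rest = m.groups()
        rec = record(sid)
        if rest.startswith("conn error -> shutdown"):
            eof = rec["last_read_status"] == APR_EOF
            rec["verdict"] = "eof-shutdown" if eof else "conn-error"
            rec["open_streams"], rec["at"] = int(streams), ts
        elif rest.endswith("--> [WAIT]") and rec["verdict"] == "incomplete":
            rec["verdict"] = "waiting"
            rec["open_streams"], rec["at"] = int(streams), ts
        else:
            g = GOAWAY_RE.search(rest)
            if g:
                rec["goaway_last_stream"] = int(g.group(1))
    return sessions


def suspects(sessions):
    """Sessions shut down on EOF while requests were still in flight."""
    return [sid for sid, rec in sessions.items()
            if rec["verdict"] == "eof-shutdown" and rec["open_streams"] > 0]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for sid, rec in result.items():
        print(sid, rec)
    print("suspect sessions:", suspects(result))
```

The read-status lines are logged at trace level, so sessions from a log captured with http2 at debug only will show as `conn-error` rather than `eof-shutdown`.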

On 13.10.2018 at 23:07, Rainer Jung wrote:
> Hi Stefan,
> 
> it is the "input gone" (APR_EOF) case which went unnoticed by me. 
> Although I patch the test suite to run with trace8 log level, http2 was 
> set to debug in the test suite config and the "input gone" message is a 
> trace message. See below for more details. The question is still whether 
> this should have been handled non-fatally. Currently curl fails to do h2 
> with httpd 2.4.36 as set up by the test suite.
> 
> On 13.10.2018 at 18:53, Stefan Eissing wrote:
>> Hi Rainer,
>>
>> according to the log, the h2 code must be in the H2_SESSION_ST_BUSY 
>> state and the only cause I see is the same as you, namely an 
>> unexpected status from h2_session_read(), which should come via
>>
>>          status = ap_get_brigade(c->input_filters,
>>                                  session->bbtmp, AP_MODE_READBYTES,
>>                                  block? APR_BLOCK_READ : APR_NONBLOCK_READ,
>>                                  H2MAX(APR_BUCKET_BUFF_SIZE, readlen));
>>
>> block is 0 here and readlen should be (unless reconfigured via 
>> H2StreamMaxMemSize) 32kb.
>>
>> Maybe you could just add a log line there to see what ap_get_brigade() 
>> returned there?
>>
>> Strange.
> 
> I hope most of the added http2:debug log lines with logno AH9999* are 
> self-explaining:
> 
> ...
> 
> 22:25:25.934782 [core:trace8] core_filters.c(554): [client 
> 127.0.0.1:36318] flushing now
> 
> 22:25:25.934810 [core:trace8] core_filters.c(569): [client 
> 127.0.0.1:36318] total bytes written: 3197
> 
> 22:25:25.934816 [core:trace8] core_filters.c(580): [client 
> 127.0.0.1:36318] brigade contains: bytes: 0, non-file bytes: 0, eor 
> buckets: 0, morphing buckets: 0
> 
> 22:25:25.934823 [http2:debug] h2_session.c(1552): [client 
> 127.0.0.1:36318] AH99997: h2_session(75,BUSY,1): Into session_read 
> non-blocking readlen 65536 read_start 103
> 
> 22:25:25.934828 [http2:trace1] h2_filter.c(145): [client 
> 127.0.0.1:36318] h2_session(75): read, NONBLOCK_READ, mode=0, 
> readbytes=65536
> 
> 22:25:25.934878 [ssl:trace4] ssl_engine_io.c(2213): [client 
> 127.0.0.1:36318] OpenSSL: read 0/5 bytes from BIO#7ff098002b10 [mem: 
> 7ff0980164d3] (BIO dump follows)
> 
> 22:25:25.934894 [ssl:trace7] ssl_engine_io.c(2136): [client 
> 127.0.0.1:36318] 
> +-------------------------------------------------------------------------+
> 
> 22:25:25.934898 [ssl:trace7] ssl_engine_io.c(2180): [client 
> 127.0.0.1:36318] 
> +-------------------------------------------------------------------------+
> 
> 22:25:25.934903 [http2:trace1] h2_filter.c(190): (70014)End of file 
> found: [client 127.0.0.1:36318] h2_session(75): read
> 
> 22:25:25.934908 [http2:debug] h2_session.c(1563): (70014)End of file 
> found: [client 127.0.0.1:36318] AH99990: h2_session(75,BUSY,1): 
> session_read non-blocking readlen 65536 ap_get_brigade returned status 
> 70014
> 
> 22:25:25.934913 [http2:debug] h2_session.c(1603): (70014)End of file 
> found: [client 127.0.0.1:36318] AH99998: h2_session(75,BUSY,1): input gone
> 
> 22:25:25.934917 [http2:trace1] h2_session.c(1605): (70014)End of file 
> found: [client 127.0.0.1:36318] h2_session(75,BUSY,1): input gone
> 
> 22:25:25.934921 [http2:debug] h2_session.c(1616): [client 
> 127.0.0.1:36318] AH99994: h2_session(75,BUSY,1): session_read 
> non-blocking readlen 65536 status 70014 (default case) 
> session->io.bytes_read == read_start (103 == 103) returning status 70014
> 
> 22:25:25.934926 [http2:debug] h2_session.c(1645): (70014)End of file 
> found: [client 127.0.0.1:36318] AH99999: h2_session(75,BUSY,1): 
> h2_session_read non-blocking returning 70014
> 
> 22:25:25.934931 [http2:debug] h2_session.c(1794): [client 
> 127.0.0.1:36318] AH03401: h2_session(75,BUSY,1): conn error -> shutdown
> 
> 22:25:25.934938 [http2:debug] h2_session.c(589): [client 
> 127.0.0.1:36318] AH03068: h2_session(75,BUSY,1): sent 
> FRAME[GOAWAY[error=0, reason='', last_stream=1]], frames=3/4 (r/s)
> 
> 
> I reduced my long list of loaded modules to check whether a filter in 
> some module interacts badly, but the problem still happens with the 
> following modules loaded:
> 
> mod_mpm_event.so
> mod_authn_file.so
> mod_authn_anon.so
> mod_authn_socache.so
> mod_authn_core.so
> mod_authz_host.so
> mod_authz_groupfile.so
> mod_authz_user.so
> mod_authz_owner.so
> mod_authz_core.so
> mod_access_compat.so
> mod_auth_basic.so
> mod_allowmethods.so
> mod_socache_shmcb.so
> mod_watchdog.so
> mod_macro.so
> mod_reqtimeout.so
> mod_filter.so
> mod_mime.so
> mod_log_debug.so
> mod_env.so
> mod_headers.so
> mod_unique_id.so
> mod_setenvif.so
> mod_version.so
> mod_remoteip.so
> mod_slotmem_shm.so
> mod_slotmem_plain.so
> mod_ssl.so
> mod_http2.so
> mod_unixd.so
> mod_heartbeat.so
> mod_heartmonitor.so
> mod_status.so
> mod_info.so
> mod_cgid.so
> mod_cgi.so
> mod_dir.so
> mod_alias.so
> mod_rewrite.so
> 
> and the usual test modules:
> 
> mod_eat_post.so
> mod_input_body_filter.so
> mod_test_pass_brigade.so
> mod_echo_post.so
> mod_nntp_like.so
> mod_fold.so
> mod_client_add_filter.so
> mod_memory_track.so
> mod_test_ssl.so
> mod_test_apr_uri.so
> mod_list_modules.so
> mod_random_chunk.so
> mod_authany.so
> mod_test_utilities.so
> mod_echo_post_chunk.so
> mod_test_rwrite.so
> mod_mime.so
> mod_alias.so
> 
> 
> I don't know how to correctly distinguish a real client gone from a 0 
> byte non-blocking read.
> 
> Regards,
> 
> Rainer
> 
>>> On 13.10.2018 at 13:14, Rainer Jung <ra...@kippdata.de> wrote:
>>>
>>> Hi Stefan,
>>>
>>> On 10.10.2018 at 16:04, Stefan Eissing wrote:
>>>>> On 10.10.2018 at 15:06, Joe Orton <jo...@redhat.com> wrote:
>>>>>
>>>>> I believe that t/modules/http2.t is dying in this:
>>>>>
>>>>>     my $old_ref = \&{ 'AnyEvent::TLS::_get_session' };
>>>>>     *{ 'AnyEvent::TLS::_get_session' } = sub($$;$$) {
>>>>>
>>>>> piece of magic which I don't understand but possibly needs updating 
>>>>> for
>>>>> TLSv1.3? Session handling is different now... everything is broken.
>>>> I think there was no official way to add SNI to AnyEvent and I had 
>>>> to hack this. Unless anyone has another suggestion, I am in favour 
>>>> of removing the t/modules/http2.t again.
>>>
>>> Note that if I manually send http2 requests using a recent curl, I 
>>> get failures as well (for 2.4.36).
>>>
>>> The t/modules/http2.t indeed fails for each https test, even the 
>>> simple first one retrieving / and checking for status 200. One bug 
>>> seems to me in the test script, that it fails silently and simply 
>>> notes that not all tests have run at the end.
>>>
>>> But if I only start the server using "t/TEST -start-httpd" and then 
>>> run a curl test request against the h2 port 8557, I get failures as 
>>> well. The server was built with TLS 1.3 support, but the failures 
>>> occur with a 1.3 client but also with a 1.2 client (different 
>>> builds of curl). I marked below lines probably indicating the failure 
>>> with ^^^^^^^^ .
>>>
>>> Here are details:
>>>
>>> curl TLS 1.3 client output
>>> ==========================
>>>
>>> *   Trying 127.0.0.1...
>>> * TCP_NODELAY set
>>> * Connected to localhost (127.0.0.1) port 8557 (#0)
>>> * ALPN, offering h2
>>> * ALPN, offering http/1.1
>>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>>> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
>>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>>> * TLSv1.3 (IN), TLS handshake, Certificate (11):
>>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>>> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
>>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>>> * TLSv1.3 (IN), TLS handshake, Finished (20):
>>> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
>>> * TLSv1.3 (OUT), TLS handshake, [no content] (0):
>>> * TLSv1.3 (OUT), TLS handshake, Finished (20):
>>> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
>>> * ALPN, server accepted to use h2
>>> * Server certificate:
>>> *  subject: C=US; ST=California; L=San Francisco; O=ASF; 
>>> OU=httpd-test/rsa-test; CN=localhost; 
>>> emailAddress=test-dev@httpd.apache.org
>>> *  start date: Oct 13 08:40:49 2018 GMT
>>> *  expire date: Oct 13 08:40:49 2019 GMT
>>> *  issuer: C=US; ST=California; L=San Francisco; O=ASF; 
>>> OU=httpd-test; CN=ca; emailAddress=test-dev@httpd.apache.org
>>> *  SSL certificate verify result: self signed certificate in 
>>> certificate chain (19), continuing anyway.
>>> * Using HTTP2, server supports multi-use
>>> * Connection state changed (HTTP/2 confirmed)
>>> * Copying HTTP/2 data in stream buffer to connection buffer after 
>>> upgrade: len=0
>>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>>> * Using Stream ID: 1 (easy handle 0x26ab080)
>>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>>>> GET / HTTP/2
>>>> Host: localhost:8557
>>>> User-Agent: curl/7.61.1
>>>> Accept: */*
>>>>
>>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>>> * TLSv1.3 (IN), TLS app data, [no content] (0):
>>> * Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
>>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>>> * TLSv1.3 (IN), TLS app data, [no content] (0):
>>> * TLSv1.3 (IN), TLS alert, [no content] (0):
>>> * TLSv1.3 (IN), TLS alert, close notify (256):
>>> * Empty reply from server
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>>> * Connection #0 to host localhost left intact
>>> curl: (52) Empty reply from server
>>>
>>> curl TLS 1.3 server error log
>>> =============================
>>>
>>> 12:37:23.974210 [example_hooks:notice] x_create_connection()
>>> 12:37:23.974598 [ssl:info] AH01964: Connection to child 66 
>>> established (server localhost:8557)
>>> 12:37:23.974726 [ssl:trace2] ssl_engine_rand.c(126): Server: Seeding 
>>> PRNG with 144 bytes of entropy
>>> 12:37:23.974787 [ssl:trace6] ssl_engine_io.c(2077): Enabling 
>>> non-blocking writes
>>> 12:37:23.974817 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: 
>>> Handshake: start
>>> 12:37:23.974860 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: before SSL initialization
>>> 12:37:23.974886 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
>>> bytes from BIO#7fe690002b00 [mem: 7fe6900083c3] (BIO dump follows)
>>> 12:37:23.974917 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
>>> 512/512 bytes from BIO#7fe690002b00 [mem: 7fe6900083c8] (BIO dump 
>>> follows)
>>> 12:37:23.975115 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: before SSL initialization
>>> 12:37:23.975181 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
>>> virtual host for servername localhost found
>>> 12:37:23.975202 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
>>> virtual host for servername localhost found
>>> 12:37:23.975208 [core:debug] protocol.c(2314): AH03155: select 
>>> protocol from h2,http/1.1, choices=h2,http/1.1 for server localhost
>>> 12:37:23.975219 [core:debug] protocol.c(2359): AH03156: select 
>>> protocol, proposals=h2,http/1.1 preferences=h2,http/1.1 
>>> configured=h2,http/1.1
>>> 12:37:23.975224 [core:debug] protocol.c(2377): AH03157: selected 
>>> protocol=h2
>>> 12:37:23.975272 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS read client hello
>>> 12:37:23.975567 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write server hello
>>> 12:37:23.975644 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write change cipher spec
>>> 12:37:23.975665 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: TLSv1.3 write encrypted extensions
>>> 12:37:23.977991 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write certificate
>>> 12:37:23.981471 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: TLSv1.3 write server certificate verify
>>> 12:37:23.981515 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 2532, non-file bytes: 2532, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.981527 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
>>> 2532/2532 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump 
>>> follows)
>>> 12:37:23.982723 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:37:23.982729 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 2532, non-file bytes: 2532, eor buckets: 0, morphing 
>>> buckets: 0
>>> 12:37:23.982734 [core:trace8] core_filters.c(554): flushing now
>>> 12:37:23.982776 [core:trace8] core_filters.c(569): total bytes 
>>> written: 2532
>>> 12:37:23.982783 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.982911 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write finished
>>> 12:37:23.982924 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: TLSv1.3 early data
>>> 12:37:23.985161 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
>>> bytes from BIO#7fe690002b00 [mem: 7fe690012683] (BIO dump follows)
>>> 12:37:23.985206 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 1/1 
>>> bytes from BIO#7fe690002b00 [mem: 7fe690012688] (BIO dump follows)
>>> 12:37:23.985226 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
>>> bytes from BIO#7fe690002b00 [mem: 7fe690012683] (BIO dump follows)
>>> 12:37:23.985258 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
>>> 69/69 bytes from BIO#7fe690002b00 [mem: 7fe690012688] (BIO dump follows)
>>> 12:37:23.985318 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: TLSv1.3 early data
>>> 12:37:23.985395 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS read finished
>>> 12:37:23.985404 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
>>> Handshake: done
>>> 12:37:23.985434 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
>>> Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
>>> 12:37:23.985444 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: 
>>> Handshake: start
>>> 12:37:23.985588 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 287, non-file bytes: 287, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.985602 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
>>> 287/287 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
>>> 12:37:23.985747 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:37:23.985751 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 287, non-file bytes: 287, eor buckets: 0, morphing 
>>> buckets: 0
>>> 12:37:23.985756 [core:trace8] core_filters.c(554): flushing now
>>> 12:37:23.985801 [core:trace8] core_filters.c(569): total bytes 
>>> written: 2819
>>> 12:37:23.985810 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.985817 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write session ticket
>>> 12:37:23.985823 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
>>> Handshake: done
>>> 12:37:23.985832 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
>>> Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
>>> 12:37:23.985836 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: 
>>> Handshake: start
>>> 12:37:23.985946 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 303, non-file bytes: 303, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.985968 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
>>> 303/303 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
>>> 12:37:23.986138 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:37:23.986150 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 303, non-file bytes: 303, eor buckets: 0, morphing 
>>> buckets: 0
>>> 12:37:23.986154 [core:trace8] core_filters.c(554): flushing now
>>> 12:37:23.986172 [core:trace8] core_filters.c(569): total bytes 
>>> written: 3122
>>> 12:37:23.986177 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.986183 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write session ticket
>>> 12:37:23.986202 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
>>> Handshake: done
>>> 12:37:23.986215 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
>>> Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
>>> 12:37:23.986272 [http2:debug] h2_session.c(924): AH03200: 
>>> h2_session(66,INIT,0): created, max_streams=100, stream_mem=32768, 
>>> workers_limit=6, workers_max=37, push_diary(type=1,N=256)
>>> 12:37:23.986289 [http2:debug] h2_session.c(1017): AH03201: 
>>> h2_session(66,INIT,0): start, INITIAL_WINDOW_SIZE=65535, 
>>> MAX_CONCURRENT_STREAMS=100
>>> 12:37:23.986308 [http2:debug] h2_session.c(2105): AH03079: 
>>> h2_session(66,INIT,0): started on localhost:8557
>>> 12:37:23.986314 [http2:debug] h2_session.c(1670): AH03078: 
>>> h2_session(66,BUSY,0): transit [INIT] -- init --> [BUSY]
>>> 12:37:23.986343 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
>>> bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
>>> 12:37:23.986367 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
>>> 41/41 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
>>> 12:37:23.986441 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
>>> bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
>>> 12:37:23.986472 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
>>> 44/44 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
>>> 12:37:23.986530 [http2:debug] h2_session.c(341): AH03066: 
>>> h2_session(66,BUSY,0): recv FRAME[SETTINGS[length=18, stream=0]], 
>>> frames=0/0 (r/s)
>>> 12:37:23.986544 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
>>> bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
>>> 12:37:23.986564 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
>>> 30/30 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
>>> 12:37:23.986596 [http2:debug] h2_session.c(341): AH03066: 
>>> h2_session(66,BUSY,0): recv FRAME[WINDOW_UPDATE[stream=0, 
>>> incr=1073676289]], frames=1/0 (r/s)
>>> 12:37:23.986606 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
>>> bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
>>> 12:37:23.986630 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
>>> 56/56 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
>>> 12:37:23.986684 [http2:debug] h2_stream.c(552): AH03082: 
>>> h2_stream(66-1,IDLE): created
>>> 12:37:23.986837 [http2:debug] h2_session.c(341): AH03066: 
>>> h2_session(66,BUSY,1): recv FRAME[HEADERS[length=30, hend=1, 
>>> stream=1, eos=1]], frames=2/0 (r/s)
>>> 12:37:23.986873 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 
>>> bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
>>> 12:37:23.986926 [http2:debug] h2_session.c(589): AH03068: 
>>> h2_session(66,BUSY,1): sent FRAME[SETTINGS[length=6, stream=0]], 
>>> frames=3/1 (r/s)
>>> 12:37:23.986937 [http2:debug] h2_session.c(589): AH03068: 
>>> h2_session(66,BUSY,1): sent FRAME[SETTINGS[ack=1, stream=0]], 
>>> frames=3/2 (r/s)
>>> 12:37:23.986944 [http2:debug] h2_session.c(589): AH03068: 
>>> h2_session(66,BUSY,1): sent FRAME[WINDOW_UPDATE[stream=0, 
>>> incr=2147418112]], frames=3/3 (r/s)
>>> 12:37:23.986971 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.986980 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
>>> 59/59 bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
>>> 12:37:23.987029 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:37:23.987033 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.987037 [core:trace8] core_filters.c(554): flushing now
>>> 12:37:23.987060 [core:trace8] core_filters.c(569): total bytes 
>>> written: 3181
>>> 12:37:23.987066 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.987081 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 
>>> bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
>>> 12:37:23.987097 [http2:debug] h2_session.c(1760): AH03401: 
>>> h2_session(66,BUSY,1): conn error -> shutdown
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>
>>> 12:37:23.987105 [http2:debug] h2_session.c(589): AH03068: 
>>> h2_session(66,BUSY,1): sent FRAME[GOAWAY[error=0, reason='', 
>>> last_stream=1]], frames=3/4 (r/s)
>>> 12:37:23.987122 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.987130 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
>>> 39/39 bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
>>> 12:37:23.987172 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:37:23.987176 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.987180 [core:trace8] core_filters.c(554): flushing now
>>> 12:37:23.987195 [core:trace8] core_filters.c(569): total bytes 
>>> written: 3220
>>> 12:37:23.987200 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.987205 [http2:debug] h2_session.c(715): AH03069: 
>>> h2_session(66,BUSY,1): sent GOAWAY, err=0, msg=
>>> 12:37:23.987212 [http2:debug] h2_session.c(1670): AH03078: 
>>> h2_session(66,DONE,1): transit [BUSY] -- local goaway --> [DONE]
>>> 12:37:23.987219 [http2:debug] h2_conn.c(217): (70014)End of file 
>>> found: AH03045: h2_session(66,DONE,1): process, closing conn
>>> 12:37:23.987228 [http2:debug] h2_session.c(1670): AH03078: 
>>> h2_session(66,CLEANUP,1): transit [DONE] -- pre_close --> [CLEANUP]
>>> 12:37:23.992165 [optional_hook_import:error] AH01866: Optional hook 
>>> test said: GET / HTTP/2.0
>>> 12:37:23.992176 [optional_fn_export:error] AH01871: Optional function 
>>> test said: GET / HTTP/2.0
>>> 12:37:23.992337 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:37:23.992348 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.992353 [core:trace8] core_filters.c(554): flushing now
>>> 12:37:23.992357 [core:trace8] core_filters.c(569): total bytes 
>>> written: 3220
>>> 12:37:23.992361 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.992387 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 24, non-file bytes: 24, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.992395 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
>>> 24/24 bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
>>> 12:37:23.992426 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:37:23.992430 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 24, non-file bytes: 24, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.992434 [core:trace8] core_filters.c(554): flushing now
>>> 12:37:23.992470 [core:trace8] core_filters.c(569): total bytes 
>>> written: 3244
>>> 12:37:23.992479 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.992485 [ssl:trace3] ssl_engine_kernel.c(2210): OpenSSL: 
>>> Write: SSL negotiation finished successfully
>>> 12:37:23.992491 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:37:23.992495 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.992499 [core:trace8] core_filters.c(554): flushing now
>>> 12:37:23.992503 [core:trace8] core_filters.c(569): total bytes 
>>> written: 3244
>>> 12:37:23.992506 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:37:23.992511 [ssl:debug] ssl_engine_io.c(1105): AH02001: 
>>> Connection closed to child 66 with standard shutdown (server 
>>> localhost:8557)
>>> 12:37:23.992616 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>
>>>
>>> curl TLS 1.2 client output
>>> ==========================
>>>
>>> *   Trying 127.0.0.1...
>>> * TCP_NODELAY set
>>> * Connected to localhost (127.0.0.1) port 8557 (#0)
>>> * ALPN, offering h2
>>> * ALPN, offering http/1.1
>>> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>>> * TLSv1.2 (IN), TLS handshake, Server hello (2):
>>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>>> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>>> * TLSv1.2 (IN), TLS handshake, Server finished (14):
>>> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>>> * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
>>> * TLSv1.2 (OUT), TLS handshake, Finished (20):
>>> * TLSv1.2 (IN), TLS handshake, Finished (20):
>>> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
>>> * ALPN, server accepted to use h2
>>> * Server certificate:
>>> *  subject: C=US; ST=California; L=San Francisco; O=ASF; 
>>> OU=httpd-test/rsa-test; CN=localhost; 
>>> emailAddress=test-dev@httpd.apache.org
>>> *  start date: Oct 13 08:40:49 2018 GMT
>>> *  expire date: Oct 13 08:40:49 2019 GMT
>>> *  issuer: C=US; ST=California; L=San Francisco; O=ASF; 
>>> OU=httpd-test; CN=ca; emailAddress=test-dev@httpd.apache.org
>>> *  SSL certificate verify result: self signed certificate in 
>>> certificate chain (19), continuing anyway.
>>> * Using HTTP2, server supports multi-use
>>> * Connection state changed (HTTP/2 confirmed)
>>> * Copying HTTP/2 data in stream buffer to connection buffer after 
>>> upgrade: len=0
>>> * Using Stream ID: 1 (easy handle 0x1d5e5e0)
>>>> GET / HTTP/2
>>>> Host: localhost:8557
>>>> User-Agent: curl/7.61.1
>>>> Accept: */*
>>>>
>>> * Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
>>> * TLSv1.2 (IN), TLS alert, close notify (256):
>>> * Empty reply from server
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>>> * Connection #0 to host localhost left intact
>>> curl: (52) Empty reply from server
>>>
>>>
>>> curl TLS 1.2 server error log
>>> =============================
>>>
>>> 12:43:43.580661 [ssl:info] AH01964: Connection to child 83 
>>> established (server localhost:8557)
>>> 12:43:43.580842 [ssl:trace6] ssl_engine_io.c(2077): Enabling 
>>> non-blocking writes
>>> 12:43:43.580885 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: 
>>> Handshake: start
>>> 12:43:43.580944 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: before SSL initialization
>>> 12:43:43.580971 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
>>> bytes from BIO#7fe678002b00 [mem: 7fe6780083c3] (BIO dump follows)
>>> 12:43:43.581009 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
>>> 512/512 bytes from BIO#7fe678002b00 [mem: 7fe6780083c8] (BIO dump 
>>> follows)
>>> 12:43:43.581181 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: before SSL initialization
>>> 12:43:43.581289 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
>>> virtual host for servername localhost found
>>> 12:43:43.581334 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
>>> virtual host for servername localhost found
>>> 12:43:43.581343 [core:debug] protocol.c(2314): AH03155: select 
>>> protocol from h2,http/1.1, choices=h2,http/1.1 for server localhost
>>> 12:43:43.581352 [core:debug] protocol.c(2359): AH03156: select 
>>> protocol, proposals=h2,http/1.1 preferences=h2,http/1.1 
>>> configured=h2,http/1.1
>>> 12:43:43.581366 [core:debug] protocol.c(2377): AH03157: selected 
>>> protocol=h2
>>> 12:43:43.581374 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS read client hello
>>> 12:43:43.581415 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write server hello
>>> 12:43:43.581877 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write certificate
>>> 12:43:43.584573 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write key exchange
>>> 12:43:43.584595 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 2398, non-file bytes: 2398, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.584605 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
>>> 2398/2398 bytes to BIO#7fe678002a40 [mem: 7fe678011670] (BIO dump 
>>> follows)
>>> 12:43:43.585620 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:43:43.585624 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 2398, non-file bytes: 2398, eor buckets: 0, morphing 
>>> buckets: 0
>>> 12:43:43.585634 [core:trace8] core_filters.c(554): flushing now
>>> 12:43:43.585682 [core:trace8] core_filters.c(569): total bytes 
>>> written: 2398
>>> 12:43:43.585690 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.585696 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write server done
>>> 12:43:43.587042 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
>>> bytes from BIO#7fe678002b00 [mem: 7fe6780127c3] (BIO dump follows)
>>> 12:43:43.587078 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
>>> 70/70 bytes from BIO#7fe678002b00 [mem: 7fe6780127c8] (BIO dump follows)
>>> 12:43:43.587126 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write server done
>>> 12:43:43.587435 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
>>> bytes from BIO#7fe678002b00 [mem: 7fe678012683] (BIO dump follows)
>>> 12:43:43.587470 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 1/1 
>>> bytes from BIO#7fe678002b00 [mem: 7fe678012688] (BIO dump follows)
>>> 12:43:43.587489 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS read client key exchange
>>> 12:43:43.587541 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
>>> bytes from BIO#7fe678002b00 [mem: 7fe678012683] (BIO dump follows)
>>> 12:43:43.587561 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
>>> 40/40 bytes from BIO#7fe678002b00 [mem: 7fe678012688] (BIO dump follows)
>>> 12:43:43.587595 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS read change cipher spec
>>> 12:43:43.587624 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS read finished
>>> 12:43:43.587648 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write change cipher spec
>>> 12:43:43.587686 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 51, non-file bytes: 51, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.587694 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
>>> 51/51 bytes to BIO#7fe678002a40 [mem: 7fe678011670] (BIO dump follows)
>>> 12:43:43.587737 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:43:43.587740 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 51, non-file bytes: 51, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.587744 [core:trace8] core_filters.c(554): flushing now
>>> 12:43:43.587779 [core:trace8] core_filters.c(569): total bytes 
>>> written: 2449
>>> 12:43:43.587787 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.587792 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: 
>>> Loop: SSLv3/TLS write finished
>>> 12:43:43.587831 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
>>> Handshake: done
>>> 12:43:43.587848 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
>>> Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>>> 12:43:43.587888 [http2:debug] h2_session.c(924): AH03200: 
>>> h2_session(83,INIT,0): created, max_streams=100, stream_mem=32768, 
>>> workers_limit=6, workers_max=37, push_diary(type=1,N=256)
>>> 12:43:43.587902 [http2:debug] h2_session.c(1017): AH03201: 
>>> h2_session(83,INIT,0): start, INITIAL_WINDOW_SIZE=65535, 
>>> MAX_CONCURRENT_STREAMS=100
>>> 12:43:43.587912 [http2:debug] h2_session.c(2105): AH03079: 
>>> h2_session(83,INIT,0): started on localhost:8557
>>> 12:43:43.587916 [http2:debug] h2_session.c(1670): AH03078: 
>>> h2_session(83,BUSY,0): transit [INIT] -- init --> [BUSY]
>>> 12:43:43.587944 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 
>>> bytes from BIO#7fe678002b00 [mem: 7fe678014563] (BIO dump follows)
>>> 12:43:43.587972 [http2:debug] h2_session.c(1760): AH03401: 
>>> h2_session(83,BUSY,0): conn error -> shutdown
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>
>>> 12:43:43.587985 [http2:debug] h2_session.c(589): AH03068: 
>>> h2_session(83,BUSY,0): sent FRAME[SETTINGS[length=6, stream=0]], 
>>> frames=0/1 (r/s)
>>> 12:43:43.587992 [http2:debug] h2_session.c(589): AH03068: 
>>> h2_session(83,BUSY,0): sent FRAME[WINDOW_UPDATE[stream=0, 
>>> incr=2147418112]], frames=0/2 (r/s)
>>> 12:43:43.587998 [http2:debug] h2_session.c(589): AH03068: 
>>> h2_session(83,BUSY,0): sent FRAME[GOAWAY[error=0, reason='', 
>>> last_stream=0]], frames=0/3 (r/s)
>>> 12:43:43.588029 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 74, non-file bytes: 74, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.588044 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
>>> 74/74 bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
>>> 12:43:43.588090 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:43:43.588093 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 74, non-file bytes: 74, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.588097 [core:trace8] core_filters.c(554): flushing now
>>> 12:43:43.588112 [core:trace8] core_filters.c(569): total bytes 
>>> written: 2523
>>> 12:43:43.588117 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.588122 [http2:debug] h2_session.c(715): AH03069: 
>>> h2_session(83,BUSY,0): sent GOAWAY, err=0, msg=
>>> 12:43:43.588128 [http2:debug] h2_session.c(1670): AH03078: 
>>> h2_session(83,DONE,0): transit [BUSY] -- local goaway --> [DONE]
>>> 12:43:43.588136 [http2:debug] h2_conn.c(217): (70014)End of file 
>>> found: AH03045: h2_session(83,DONE,0): process, closing conn
>>> 12:43:43.588147 [http2:debug] h2_session.c(1670): AH03078: 
>>> h2_session(83,CLEANUP,0): transit [DONE] -- pre_close --> [CLEANUP]
>>> 12:43:43.588163 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:43:43.588168 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.588171 [core:trace8] core_filters.c(554): flushing now
>>> 12:43:43.588174 [core:trace8] core_filters.c(569): total bytes 
>>> written: 2523
>>> 12:43:43.588177 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.588188 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 31, non-file bytes: 31, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.588194 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
>>> 31/31 bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
>>> 12:43:43.588219 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:43:43.588222 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 31, non-file bytes: 31, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.588226 [core:trace8] core_filters.c(554): flushing now
>>> 12:43:43.588239 [core:trace8] core_filters.c(569): total bytes 
>>> written: 2554
>>> 12:43:43.588244 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.588249 [ssl:trace3] ssl_engine_kernel.c(2210): OpenSSL: 
>>> Write: SSL negotiation finished successfully
>>> 12:43:43.588253 [core:trace6] core_filters.c(525): will flush because 
>>> of FLUSH bucket
>>> 12:43:43.588257 [core:trace8] core_filters.c(535): seen in brigade so 
>>> far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.588260 [core:trace8] core_filters.c(554): flushing now
>>> 12:43:43.588263 [core:trace8] core_filters.c(569): total bytes 
>>> written: 2554
>>> 12:43:43.588269 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>> 12:43:43.588275 [ssl:debug] ssl_engine_io.c(1105): AH02001: 
>>> Connection closed to child 83 with standard shutdown (server 
>>> localhost:8557)
>>> 12:43:43.588295 [core:trace8] core_filters.c(580): brigade contains: 
>>> bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>>
>>> Could it be that the ssl read directly above the detected conn error 
>>> is the culprit? It reads 0 bytes. Maybe we are in h2_session.c in 
>>> this block:
>>>
>>>     case H2_SESSION_ST_BUSY:
>>>         if (nghttp2_session_want_read(session->ngh2)) {
>>>             ap_update_child_status(session->c->sbh,
>>>                                    SERVER_BUSY_READ, NULL);
>>>             h2_filter_cin_timeout_set(session->cin,
>>>                                       session->s->timeout);
>>>             status = h2_session_read(session, 0);
>>>             if (status == APR_SUCCESS) {
>>>                 session->have_read = 1;
>>>             }
>>>             else if (status == APR_EAGAIN) {
>>>                 /* nothing to read */
>>>             }
>>>             else if (APR_STATUS_IS_TIMEUP(status)) {
>>>                 dispatch_event(session,
>>>                                H2_SESSION_EV_CONN_TIMEOUT, 0, NULL);
>>>                 break;
>>>             }
>>>             else {
>>>                 dispatch_event(session,
>>>                                H2_SESSION_EV_CONN_ERROR, 0, NULL);
>>>             }
>>>         }
>>>
>>> and maybe h2_session_read() (using session_read()) returns an 
>>> unexpected result code? Although I must confess, this is speculation 
>>> and I don't really see where this could happen.
>>>
>>> Regards,
>>>
>>> Rainer
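
A triage helper for trace-level logs like the ones quoted above, added here as an example (it is not part of the thread or of the httpd test suite): it strips mail quoting, re-joins wrapped log records, and for each AH03401 "conn error -> shutdown" reports the last OpenSSL read before it and the first APR status logged for that session afterwards. The function names are made up for this example, and the sample input is an abridged excerpt of the log quoted above.

```python
import re

# Sample input: abridged from the mail-quoted, line-wrapped server log above.
SAMPLE = """\
>>> 12:37:23.986837 [http2:debug] h2_session.c(341): AH03066:
>>> h2_session(66,BUSY,1): recv FRAME[HEADERS[length=30, hend=1,
>>> stream=1, eos=1]], frames=2/0 (r/s)
>>> 12:37:23.987081 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5
>>> bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
>>> 12:37:23.987097 [http2:debug] h2_session.c(1760): AH03401:
>>> h2_session(66,BUSY,1): conn error -> shutdown
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>
>>> 12:37:23.987219 [http2:debug] h2_conn.c(217): (70014)End of file
>>> found: AH03045: h2_session(66,DONE,1): process, closing conn
"""

QUOTE = re.compile(r"^>+ ?")
RECORD = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) \[(?P<module>\w+):(?P<level>\w+)\] (?P<msg>.*)$")
CLIENT = re.compile(r"\[client (?P<client>[^\]]+)\]")
SSL_READ = re.compile(r"OpenSSL: read (?P<got>\d+)/(?P<want>\d+) bytes")
H2 = re.compile(r"h2_session\((?P<id>\d+),(?P<state>\w+),(?P<streams>\d+)\)")
# "(70014)End of file found:" -- skips "file.c(217):" because text must follow.
APR_STATUS = re.compile(r"\((?P<code>\d+)\)(?P<text>[A-Za-z][^:]*):")


def unwrap(text):
    """Strip '>' quoting and join wrapped continuation lines into records."""
    records, current = [], None
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if not line or set(line) <= set("^="):
            current = None  # blank line or ^^^^/==== marker ends a record
            continue
        m = RECORD.match(line)
        if m:
            current = m.groupdict()
            records.append(current)
        elif current is not None:
            current["msg"] += " " + line
    return records


def find_conn_errors(records):
    """Return one finding per AH03401-style 'conn error -> shutdown' record.

    SSL read lines carry no session id, so they are matched by the
    [client ip:port] field when the log format has one and by plain
    adjacency otherwise (only sound for a single-connection test log).
    """
    findings, pending, frames, last_read = [], {}, {}, {}
    for rec in records:
        msg = rec["msg"]
        c = CLIENT.search(msg)
        client = c["client"] if c else None
        read = SSL_READ.search(msg)
        if rec["module"] == "ssl" and read:
            last_read[client] = {"ts": rec["ts"], "got": int(read["got"]),
                                 "want": int(read["want"])}
            continue
        h2 = H2.search(msg)
        if rec["module"] != "http2" or not h2:
            continue
        sid = h2["id"]
        if "conn error -> shutdown" in msg:
            prev = last_read.get(client)
            finding = {
                "session": sid,
                "state": h2["state"],
                "at": rec["ts"],
                "frames_received": frames.get(sid, 0),
                "last_read": prev,
                "zero_byte_read": prev is not None and prev["got"] == 0,
                "status": None,
            }
            findings.append(finding)
            pending[sid] = finding
        elif "recv FRAME[" in msg:
            frames[sid] = frames.get(sid, 0) + 1
        elif sid in pending and pending[sid]["status"] is None:
            st = APR_STATUS.search(msg)
            if st:
                pending[sid]["status"] = (int(st["code"]), st["text"].strip())
    return findings


if __name__ == "__main__":
    for f in find_conn_errors(unwrap(SAMPLE)):
        print(f)
```
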

Re: Failing http2.t in 2.4.36 [Was: NOTICE: Intent to T&R 2.4.36]

Posted by Rainer Jung <ra...@kippdata.de>.
Hi Stefan,

it is the "input gone" (APR_EOF) case which went unnoticed by me. 
Although I patch the test suite to run with trace8 log level, http2 was 
set to debug in the test suite config and the "input gone" message is a 
trace message. See below for more details. The question is still whether 
this should have been handled non-fatally. Currently curl fails to do h2 
with httpd 2.4.36 as set up by the test suite.

Am 13.10.2018 um 18:53 schrieb Stefan Eissing:
> Hi Rainer,
> 
> according to the log, the h2 code must be in the H2_SESSION_ST_BUSY state and the only cause I see is the same as you, namely an unexpected status from h2_session_read(), which should come via
> 
>          status = ap_get_brigade(c->input_filters,
>                                  session->bbtmp, AP_MODE_READBYTES,
>                                  block? APR_BLOCK_READ : APR_NONBLOCK_READ,
>                                  H2MAX(APR_BUCKET_BUFF_SIZE, readlen));
> 
> block is 0 here and readlen should be (unless reconfigured via H2StreamMaxMemSize) 32kb.
> 
> Maybe you could just add a log line there to see what ap_get_brigade() returned there?
> 
> Strange.

I hope most of the added http2:debug log lines with logno AH9999* are 
self-explanatory:

...

22:25:25.934782 [core:trace8] core_filters.c(554): [client 127.0.0.1:36318] flushing now
22:25:25.934810 [core:trace8] core_filters.c(569): [client 127.0.0.1:36318] total bytes written: 3197
22:25:25.934816 [core:trace8] core_filters.c(580): [client 127.0.0.1:36318] brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
22:25:25.934823 [http2:debug] h2_session.c(1552): [client 127.0.0.1:36318] AH99997: h2_session(75,BUSY,1): Into session_read non-blocking readlen 65536 read_start 103
22:25:25.934828 [http2:trace1] h2_filter.c(145): [client 127.0.0.1:36318] h2_session(75): read, NONBLOCK_READ, mode=0, readbytes=65536
22:25:25.934878 [ssl:trace4] ssl_engine_io.c(2213): [client 127.0.0.1:36318] OpenSSL: read 0/5 bytes from BIO#7ff098002b10 [mem: 7ff0980164d3] (BIO dump follows)
22:25:25.934894 [ssl:trace7] ssl_engine_io.c(2136): [client 127.0.0.1:36318] +-------------------------------------------------------------------------+
22:25:25.934898 [ssl:trace7] ssl_engine_io.c(2180): [client 127.0.0.1:36318] +-------------------------------------------------------------------------+
22:25:25.934903 [http2:trace1] h2_filter.c(190): (70014)End of file found: [client 127.0.0.1:36318] h2_session(75): read
22:25:25.934908 [http2:debug] h2_session.c(1563): (70014)End of file found: [client 127.0.0.1:36318] AH99990: h2_session(75,BUSY,1): session_read non-blocking readlen 65536 ap_get_brigade returned status 70014
22:25:25.934913 [http2:debug] h2_session.c(1603): (70014)End of file found: [client 127.0.0.1:36318] AH99998: h2_session(75,BUSY,1): input gone
22:25:25.934917 [http2:trace1] h2_session.c(1605): (70014)End of file found: [client 127.0.0.1:36318] h2_session(75,BUSY,1): input gone
22:25:25.934921 [http2:debug] h2_session.c(1616): [client 127.0.0.1:36318] AH99994: h2_session(75,BUSY,1): session_read non-blocking readlen 65536 status 70014 (default case) session->io.bytes_read == read_start (103 == 103) returning status 70014
22:25:25.934926 [http2:debug] h2_session.c(1645): (70014)End of file found: [client 127.0.0.1:36318] AH99999: h2_session(75,BUSY,1): h2_session_read non-blocking returning 70014
22:25:25.934931 [http2:debug] h2_session.c(1794): [client 127.0.0.1:36318] AH03401: h2_session(75,BUSY,1): conn error -> shutdown
22:25:25.934938 [http2:debug] h2_session.c(589): [client 127.0.0.1:36318] AH03068: h2_session(75,BUSY,1): sent FRAME[GOAWAY[error=0, reason='', last_stream=1]], frames=3/4 (r/s)


I reduced my long list of loaded modules to check whether a filter in 
some module interacts badly, but the problem still happens with the 
following modules loaded:

mod_mpm_event.so
mod_authn_file.so
mod_authn_anon.so
mod_authn_socache.so
mod_authn_core.so
mod_authz_host.so
mod_authz_groupfile.so
mod_authz_user.so
mod_authz_owner.so
mod_authz_core.so
mod_access_compat.so
mod_auth_basic.so
mod_allowmethods.so
mod_socache_shmcb.so
mod_watchdog.so
mod_macro.so
mod_reqtimeout.so
mod_filter.so
mod_mime.so
mod_log_debug.so
mod_env.so
mod_headers.so
mod_unique_id.so
mod_setenvif.so
mod_version.so
mod_remoteip.so
mod_slotmem_shm.so
mod_slotmem_plain.so
mod_ssl.so
mod_http2.so
mod_unixd.so
mod_heartbeat.so
mod_heartmonitor.so
mod_status.so
mod_info.so
mod_cgid.so
mod_cgi.so
mod_dir.so
mod_alias.so
mod_rewrite.so

and the usual test modules:

mod_eat_post.so
mod_input_body_filter.so
mod_test_pass_brigade.so
mod_echo_post.so
mod_nntp_like.so
mod_fold.so
mod_client_add_filter.so
mod_memory_track.so
mod_test_ssl.so
mod_test_apr_uri.so
mod_list_modules.so
mod_random_chunk.so
mod_authany.so
mod_test_utilities.so
mod_echo_post_chunk.so
mod_test_rwrite.so
mod_mime.so
mod_alias.so


I don't know how to correctly distinguish a real client gone from a 0 
byte non-blocking read.

Regards,

Rainer
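
A triage sketch for the pattern in the log above, added here as an example and not part of the original message or of httpd: it scans error-log lines for an h2 session that logs AH03401 right after a 0-byte OpenSSL read on the same connection, and records whether APR_EOF (70014) was logged in between and what the following GOAWAY carried. The function name, the reading of the third h2_session(...) field as the open-stream count, and the second (constructed) connection are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# The first five lines are copied (unwrapped) from the log in the message above.
# The three lines for client 127.0.0.1:40000 are constructed as a negative
# control: a 0-byte read that is followed by a successful read.
SAMPLE_LOG = """\
22:25:25.934823 [http2:debug] h2_session.c(1552): [client 127.0.0.1:36318] AH99997: h2_session(75,BUSY,1): Into session_read non-blocking readlen 65536 read_start 103
22:25:25.934878 [ssl:trace4] ssl_engine_io.c(2213): [client 127.0.0.1:36318] OpenSSL: read 0/5 bytes from BIO#7ff098002b10 [mem: 7ff0980164d3] (BIO dump follows)
22:25:25.934908 [http2:debug] h2_session.c(1563): (70014)End of file found: [client 127.0.0.1:36318] AH99990: h2_session(75,BUSY,1): session_read non-blocking readlen 65536 ap_get_brigade returned status 70014
22:25:25.934931 [http2:debug] h2_session.c(1794): [client 127.0.0.1:36318] AH03401: h2_session(75,BUSY,1): conn error -> shutdown
22:25:25.934938 [http2:debug] h2_session.c(589): [client 127.0.0.1:36318] AH03068: h2_session(75,BUSY,1): sent FRAME[GOAWAY[error=0, reason='', last_stream=1]], frames=3/4 (r/s)
22:25:26.000100 [ssl:trace4] ssl_engine_io.c(2213): [client 127.0.0.1:40000] OpenSSL: read 0/5 bytes from BIO#0 [mem: 0] (BIO dump follows)
22:25:26.000200 [ssl:trace4] ssl_engine_io.c(2213): [client 127.0.0.1:40000] OpenSSL: read 5/5 bytes from BIO#0 [mem: 0] (BIO dump follows)
22:25:26.000300 [http2:debug] h2_session.c(1794): [client 127.0.0.1:40000] AH03401: h2_session(76,BUSY,1): conn error -> shutdown
"""

PREFIX = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) \[(?P<module>\w+):(?P<level>\w+)\] ")
CLIENT = re.compile(r"\[client (?P<client>[^\]]+)\]")
SSL_READ = re.compile(r"OpenSSL: read (?P<got>\d+)/(?P<want>\d+) bytes")
# Third field is assumed to be the number of open streams on the session.
SESSION = re.compile(r"h2_session\((?P<id>\d+),(?P<state>[A-Z_]+),(?P<streams>\d+)\)")
GOAWAY = re.compile(
    r"sent FRAME\[GOAWAY\[error=(?P<error>\d+), reason='[^']*', last_stream=(?P<last>\d+)\]\]"
)
APR_EOF_TAG = "(70014)"      # APR_EOF as rendered in the log lines above
CONN_ERROR_ID = "AH03401"    # "conn error -> shutdown"


@dataclass
class Finding:
    client: str
    session_id: int
    state: str
    open_streams: int
    zero_read_at: str
    shutdown_at: str
    eof_logged: bool
    goaway_error: Optional[int] = None
    last_stream: Optional[int] = None


def find_eof_shutdowns(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per session shut down right after a 0-byte TLS read."""
    zero_read: Dict[str, str] = {}       # client -> time of last unanswered 0-byte read
    eof_seen: Dict[str, bool] = {}       # client -> APR_EOF logged since that read
    awaiting_goaway: Dict[str, Finding] = {}
    findings: List[Finding] = []

    for raw in lines:
        line = raw.strip()
        prefix = PREFIX.match(line)
        if not prefix:
            continue                     # wrapped or non-log line
        ts = prefix["ts"]
        found = CLIENT.search(line)
        client = found["client"] if found else "-"   # some logs omit the client

        read = SSL_READ.search(line)
        if read:
            if int(read["got"]) == 0:
                zero_read[client] = ts
                eof_seen[client] = False
            else:
                zero_read.pop(client, None)   # data arrived, not the pattern
            continue

        if client in zero_read and APR_EOF_TAG in line:
            eof_seen[client] = True

        session = SESSION.search(line)
        if not session:
            continue

        if CONN_ERROR_ID in line and client in zero_read:
            finding = Finding(
                client=client,
                session_id=int(session["id"]),
                state=session["state"],
                open_streams=int(session["streams"]),
                zero_read_at=zero_read.pop(client),
                shutdown_at=ts,
                eof_logged=eof_seen.get(client, False),
            )
            findings.append(finding)
            awaiting_goaway[client] = finding
            continue

        goaway = GOAWAY.search(line)
        if goaway and client in awaiting_goaway:
            finding = awaiting_goaway.pop(client)
            finding.goaway_error = int(goaway["error"])
            finding.last_stream = int(goaway["last"])

    return findings


if __name__ == "__main__":
    for f in find_eof_shutdowns(SAMPLE_LOG.splitlines()):
        kind = "streams still open" if f.open_streams else "idle session"
        print(f"{f.client} h2_session({f.session_id}) {kind}: "
              f"0-byte read {f.zero_read_at}, shutdown {f.shutdown_at}, "
              f"APR_EOF logged={f.eof_logged}, GOAWAY error={f.goaway_error} "
              f"last_stream={f.last_stream}")
```

A finding with open_streams greater than zero and GOAWAY error=0 matches what the log above shows: the session is closed with a request still pending.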

>> On 13.10.2018 at 13:14, Rainer Jung <ra...@kippdata.de> wrote:
>>
>> Hi Stefan,
>>
>> On 10.10.2018 at 16:04, Stefan Eissing wrote:
>>>> On 10.10.2018 at 15:06, Joe Orton <jo...@redhat.com> wrote:
>>>>
>>>> I believe that t/modules/http2.t is dying in this:
>>>>
>>>>     my $old_ref = \&{ 'AnyEvent::TLS::_get_session' };
>>>>     *{ 'AnyEvent::TLS::_get_session' } = sub($$;$$) {
>>>>
>>>> piece of magic which I don't understand but possibly needs updating for
>>>> TLSv1.3? Session handling is different now... everything is broken.
>>> I think there was no official way to add SNI to AnyEvent and I had to hack this. Unless anyone has another suggestion, I am in favour of removing the t/modules/http2.t again.
>>
>> Note that if I manually send http2 requests using a recent curl, I get failures as well (for 2.4.36).
>>
>> The t/modules/http2.t indeed fails for each https test, even the simple first one retrieving / and checking for status 200. One bug, it seems to me, is in the test script: it fails silently and simply notes at the end that not all tests have run.
>>
>> But if I only start the server using "t/TEST -start-httpd" and then run a curl test request against the h2 port 8557, I get failures as well. The server was built with TLS 1.3 support, but the failures occur with a 1.3 client but also with a 1.2 client (different builds of curl). I marked below lines probably indicating the failure with ^^^^^^^^ .
>>
>> Here are details:
>>
>> curl TLS 1.3 client output
>> ==========================
>>
>> *   Trying 127.0.0.1...
>> * TCP_NODELAY set
>> * Connected to localhost (127.0.0.1) port 8557 (#0)
>> * ALPN, offering h2
>> * ALPN, offering http/1.1
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>> * TLSv1.3 (IN), TLS handshake, Certificate (11):
>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>> * TLSv1.3 (IN), TLS handshake, Finished (20):
>> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
>> * TLSv1.3 (OUT), TLS handshake, [no content] (0):
>> * TLSv1.3 (OUT), TLS handshake, Finished (20):
>> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
>> * ALPN, server accepted to use h2
>> * Server certificate:
>> *  subject: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test/rsa-test; CN=localhost; emailAddress=test-dev@httpd.apache.org
>> *  start date: Oct 13 08:40:49 2018 GMT
>> *  expire date: Oct 13 08:40:49 2019 GMT
>> *  issuer: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test; CN=ca; emailAddress=test-dev@httpd.apache.org
>> *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
>> * Using HTTP2, server supports multi-use
>> * Connection state changed (HTTP/2 confirmed)
>> * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>> * Using Stream ID: 1 (easy handle 0x26ab080)
>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>>> GET / HTTP/2
>>> Host: localhost:8557
>>> User-Agent: curl/7.61.1
>>> Accept: */*
>>>
>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> * TLSv1.3 (IN), TLS handshake, [no content] (0):
>> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>> * TLSv1.3 (IN), TLS app data, [no content] (0):
>> * Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
>> * TLSv1.3 (OUT), TLS app data, [no content] (0):
>> * TLSv1.3 (IN), TLS app data, [no content] (0):
>> * TLSv1.3 (IN), TLS alert, [no content] (0):
>> * TLSv1.3 (IN), TLS alert, close notify (256):
>> * Empty reply from server
>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>> * Connection #0 to host localhost left intact
>> curl: (52) Empty reply from server
>>
>> curl TLS 1.3 server error log
>> =============================
>>
>> 12:37:23.974210 [example_hooks:notice] x_create_connection()
>> 12:37:23.974598 [ssl:info] AH01964: Connection to child 66 established (server localhost:8557)
>> 12:37:23.974726 [ssl:trace2] ssl_engine_rand.c(126): Server: Seeding PRNG with 144 bytes of entropy
>> 12:37:23.974787 [ssl:trace6] ssl_engine_io.c(2077): Enabling non-blocking writes
>> 12:37:23.974817 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: Handshake: start
>> 12:37:23.974860 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: before SSL initialization
>> 12:37:23.974886 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe6900083c3] (BIO dump follows)
>> 12:37:23.974917 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 512/512 bytes from BIO#7fe690002b00 [mem: 7fe6900083c8] (BIO dump follows)
>> 12:37:23.975115 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: before SSL initialization
>> 12:37:23.975181 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found
>> 12:37:23.975202 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found
>> 12:37:23.975208 [core:debug] protocol.c(2314): AH03155: select protocol from h2,http/1.1, choices=h2,http/1.1 for server localhost
>> 12:37:23.975219 [core:debug] protocol.c(2359): AH03156: select protocol, proposals=h2,http/1.1 preferences=h2,http/1.1 configured=h2,http/1.1
>> 12:37:23.975224 [core:debug] protocol.c(2377): AH03157: selected protocol=h2
>> 12:37:23.975272 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read client hello
>> 12:37:23.975567 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write server hello
>> 12:37:23.975644 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write change cipher spec
>> 12:37:23.975665 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: TLSv1.3 write encrypted extensions
>> 12:37:23.977991 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write certificate
>> 12:37:23.981471 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: TLSv1.3 write server certificate verify
>> 12:37:23.981515 [core:trace8] core_filters.c(580): brigade contains: bytes: 2532, non-file bytes: 2532, eor buckets: 0, morphing buckets: 0
>> 12:37:23.981527 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 2532/2532 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
>> 12:37:23.982723 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:37:23.982729 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 2532, non-file bytes: 2532, eor buckets: 0, morphing buckets: 0
>> 12:37:23.982734 [core:trace8] core_filters.c(554): flushing now
>> 12:37:23.982776 [core:trace8] core_filters.c(569): total bytes written: 2532
>> 12:37:23.982783 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:37:23.982911 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write finished
>> 12:37:23.982924 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: TLSv1.3 early data
>> 12:37:23.985161 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690012683] (BIO dump follows)
>> 12:37:23.985206 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 1/1 bytes from BIO#7fe690002b00 [mem: 7fe690012688] (BIO dump follows)
>> 12:37:23.985226 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690012683] (BIO dump follows)
>> 12:37:23.985258 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 69/69 bytes from BIO#7fe690002b00 [mem: 7fe690012688] (BIO dump follows)
>> 12:37:23.985318 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: TLSv1.3 early data
>> 12:37:23.985395 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read finished
>> 12:37:23.985404 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: Handshake: done
>> 12:37:23.985434 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
>> 12:37:23.985444 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: Handshake: start
>> 12:37:23.985588 [core:trace8] core_filters.c(580): brigade contains: bytes: 287, non-file bytes: 287, eor buckets: 0, morphing buckets: 0
>> 12:37:23.985602 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 287/287 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
>> 12:37:23.985747 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:37:23.985751 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 287, non-file bytes: 287, eor buckets: 0, morphing buckets: 0
>> 12:37:23.985756 [core:trace8] core_filters.c(554): flushing now
>> 12:37:23.985801 [core:trace8] core_filters.c(569): total bytes written: 2819
>> 12:37:23.985810 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:37:23.985817 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write session ticket
>> 12:37:23.985823 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: Handshake: done
>> 12:37:23.985832 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
>> 12:37:23.985836 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: Handshake: start
>> 12:37:23.985946 [core:trace8] core_filters.c(580): brigade contains: bytes: 303, non-file bytes: 303, eor buckets: 0, morphing buckets: 0
>> 12:37:23.985968 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 303/303 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
>> 12:37:23.986138 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:37:23.986150 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 303, non-file bytes: 303, eor buckets: 0, morphing buckets: 0
>> 12:37:23.986154 [core:trace8] core_filters.c(554): flushing now
>> 12:37:23.986172 [core:trace8] core_filters.c(569): total bytes written: 3122
>> 12:37:23.986177 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:37:23.986183 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write session ticket
>> 12:37:23.986202 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: Handshake: done
>> 12:37:23.986215 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
>> 12:37:23.986272 [http2:debug] h2_session.c(924): AH03200: h2_session(66,INIT,0): created, max_streams=100, stream_mem=32768, workers_limit=6, workers_max=37, push_diary(type=1,N=256)
>> 12:37:23.986289 [http2:debug] h2_session.c(1017): AH03201: h2_session(66,INIT,0): start, INITIAL_WINDOW_SIZE=65535, MAX_CONCURRENT_STREAMS=100
>> 12:37:23.986308 [http2:debug] h2_session.c(2105): AH03079: h2_session(66,INIT,0): started on localhost:8557
>> 12:37:23.986314 [http2:debug] h2_session.c(1670): AH03078: h2_session(66,BUSY,0): transit [INIT] -- init --> [BUSY]
>> 12:37:23.986343 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
>> 12:37:23.986367 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 41/41 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
>> 12:37:23.986441 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
>> 12:37:23.986472 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 44/44 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
>> 12:37:23.986530 [http2:debug] h2_session.c(341): AH03066: h2_session(66,BUSY,0): recv FRAME[SETTINGS[length=18, stream=0]], frames=0/0 (r/s)
>> 12:37:23.986544 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
>> 12:37:23.986564 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 30/30 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
>> 12:37:23.986596 [http2:debug] h2_session.c(341): AH03066: h2_session(66,BUSY,0): recv FRAME[WINDOW_UPDATE[stream=0, incr=1073676289]], frames=1/0 (r/s)
>> 12:37:23.986606 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
>> 12:37:23.986630 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 56/56 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
>> 12:37:23.986684 [http2:debug] h2_stream.c(552): AH03082: h2_stream(66-1,IDLE): created
>> 12:37:23.986837 [http2:debug] h2_session.c(341): AH03066: h2_session(66,BUSY,1): recv FRAME[HEADERS[length=30, hend=1, stream=1, eos=1]], frames=2/0 (r/s)
>> 12:37:23.986873 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
>> 12:37:23.986926 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[SETTINGS[length=6, stream=0]], frames=3/1 (r/s)
>> 12:37:23.986937 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[SETTINGS[ack=1, stream=0]], frames=3/2 (r/s)
>> 12:37:23.986944 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=3/3 (r/s)
>> 12:37:23.986971 [core:trace8] core_filters.c(580): brigade contains: bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
>> 12:37:23.986980 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 59/59 bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
>> 12:37:23.987029 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:37:23.987033 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
>> 12:37:23.987037 [core:trace8] core_filters.c(554): flushing now
>> 12:37:23.987060 [core:trace8] core_filters.c(569): total bytes written: 3181
>> 12:37:23.987066 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:37:23.987081 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
>> 12:37:23.987097 [http2:debug] h2_session.c(1760): AH03401: h2_session(66,BUSY,1): conn error -> shutdown
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> 12:37:23.987105 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[GOAWAY[error=0, reason='', last_stream=1]], frames=3/4 (r/s)
>> 12:37:23.987122 [core:trace8] core_filters.c(580): brigade contains: bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
>> 12:37:23.987130 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 39/39 bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
>> 12:37:23.987172 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:37:23.987176 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
>> 12:37:23.987180 [core:trace8] core_filters.c(554): flushing now
>> 12:37:23.987195 [core:trace8] core_filters.c(569): total bytes written: 3220
>> 12:37:23.987200 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:37:23.987205 [http2:debug] h2_session.c(715): AH03069: h2_session(66,BUSY,1): sent GOAWAY, err=0, msg=
>> 12:37:23.987212 [http2:debug] h2_session.c(1670): AH03078: h2_session(66,DONE,1): transit [BUSY] -- local goaway --> [DONE]
>> 12:37:23.987219 [http2:debug] h2_conn.c(217): (70014)End of file found: AH03045: h2_session(66,DONE,1): process, closing conn
>> 12:37:23.987228 [http2:debug] h2_session.c(1670): AH03078: h2_session(66,CLEANUP,1): transit [DONE] -- pre_close --> [CLEANUP]
>> 12:37:23.992165 [optional_hook_import:error] AH01866: Optional hook test said: GET / HTTP/2.0
>> 12:37:23.992176 [optional_fn_export:error] AH01871: Optional function test said: GET / HTTP/2.0
>> 12:37:23.992337 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:37:23.992348 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:37:23.992353 [core:trace8] core_filters.c(554): flushing now
>> 12:37:23.992357 [core:trace8] core_filters.c(569): total bytes written: 3220
>> 12:37:23.992361 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:37:23.992387 [core:trace8] core_filters.c(580): brigade contains: bytes: 24, non-file bytes: 24, eor buckets: 0, morphing buckets: 0
>> 12:37:23.992395 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 24/24 bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
>> 12:37:23.992426 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:37:23.992430 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 24, non-file bytes: 24, eor buckets: 0, morphing buckets: 0
>> 12:37:23.992434 [core:trace8] core_filters.c(554): flushing now
>> 12:37:23.992470 [core:trace8] core_filters.c(569): total bytes written: 3244
>> 12:37:23.992479 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:37:23.992485 [ssl:trace3] ssl_engine_kernel.c(2210): OpenSSL: Write: SSL negotiation finished successfully
>> 12:37:23.992491 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:37:23.992495 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:37:23.992499 [core:trace8] core_filters.c(554): flushing now
>> 12:37:23.992503 [core:trace8] core_filters.c(569): total bytes written: 3244
>> 12:37:23.992506 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:37:23.992511 [ssl:debug] ssl_engine_io.c(1105): AH02001: Connection closed to child 66 with standard shutdown (server localhost:8557)
>> 12:37:23.992616 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>
>>
>> curl TLS 1.2 client output
>> ==========================
>>
>> *   Trying 127.0.0.1...
>> * TCP_NODELAY set
>> * Connected to localhost (127.0.0.1) port 8557 (#0)
>> * ALPN, offering h2
>> * ALPN, offering http/1.1
>> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>> * TLSv1.2 (IN), TLS handshake, Server hello (2):
>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>> * TLSv1.2 (IN), TLS handshake, Server finished (14):
>> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>> * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
>> * TLSv1.2 (OUT), TLS handshake, Finished (20):
>> * TLSv1.2 (IN), TLS handshake, Finished (20):
>> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
>> * ALPN, server accepted to use h2
>> * Server certificate:
>> *  subject: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test/rsa-test; CN=localhost; emailAddress=test-dev@httpd.apache.org
>> *  start date: Oct 13 08:40:49 2018 GMT
>> *  expire date: Oct 13 08:40:49 2019 GMT
>> *  issuer: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test; CN=ca; emailAddress=test-dev@httpd.apache.org
>> *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
>> * Using HTTP2, server supports multi-use
>> * Connection state changed (HTTP/2 confirmed)
>> * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
>> * Using Stream ID: 1 (easy handle 0x1d5e5e0)
>>> GET / HTTP/2
>>> Host: localhost:8557
>>> User-Agent: curl/7.61.1
>>> Accept: */*
>>>
>> * Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
>> * TLSv1.2 (IN), TLS alert, close notify (256):
>> * Empty reply from server
>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>> * Connection #0 to host localhost left intact
>> curl: (52) Empty reply from server
>>
>>
>> curl TLS 1.2 server error log
>> =============================
>>
>> 12:43:43.580661 [ssl:info] AH01964: Connection to child 83 established (server localhost:8557)
>> 12:43:43.580842 [ssl:trace6] ssl_engine_io.c(2077): Enabling non-blocking writes
>> 12:43:43.580885 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: Handshake: start
>> 12:43:43.580944 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: before SSL initialization
>> 12:43:43.580971 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe678002b00 [mem: 7fe6780083c3] (BIO dump follows)
>> 12:43:43.581009 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 512/512 bytes from BIO#7fe678002b00 [mem: 7fe6780083c8] (BIO dump follows)
>> 12:43:43.581181 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: before SSL initialization
>> 12:43:43.581289 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found
>> 12:43:43.581334 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found
>> 12:43:43.581343 [core:debug] protocol.c(2314): AH03155: select protocol from h2,http/1.1, choices=h2,http/1.1 for server localhost
>> 12:43:43.581352 [core:debug] protocol.c(2359): AH03156: select protocol, proposals=h2,http/1.1 preferences=h2,http/1.1 configured=h2,http/1.1
>> 12:43:43.581366 [core:debug] protocol.c(2377): AH03157: selected protocol=h2
>> 12:43:43.581374 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read client hello
>> 12:43:43.581415 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write server hello
>> 12:43:43.581877 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write certificate
>> 12:43:43.584573 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write key exchange
>> 12:43:43.584595 [core:trace8] core_filters.c(580): brigade contains: bytes: 2398, non-file bytes: 2398, eor buckets: 0, morphing buckets: 0
>> 12:43:43.584605 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 2398/2398 bytes to BIO#7fe678002a40 [mem: 7fe678011670] (BIO dump follows)
>> 12:43:43.585620 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:43:43.585624 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 2398, non-file bytes: 2398, eor buckets: 0, morphing buckets: 0
>> 12:43:43.585634 [core:trace8] core_filters.c(554): flushing now
>> 12:43:43.585682 [core:trace8] core_filters.c(569): total bytes written: 2398
>> 12:43:43.585690 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:43:43.585696 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write server done
>> 12:43:43.587042 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe678002b00 [mem: 7fe6780127c3] (BIO dump follows)
>> 12:43:43.587078 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 70/70 bytes from BIO#7fe678002b00 [mem: 7fe6780127c8] (BIO dump follows)
>> 12:43:43.587126 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write server done
>> 12:43:43.587435 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe678002b00 [mem: 7fe678012683] (BIO dump follows)
>> 12:43:43.587470 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 1/1 bytes from BIO#7fe678002b00 [mem: 7fe678012688] (BIO dump follows)
>> 12:43:43.587489 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read client key exchange
>> 12:43:43.587541 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe678002b00 [mem: 7fe678012683] (BIO dump follows)
>> 12:43:43.587561 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 40/40 bytes from BIO#7fe678002b00 [mem: 7fe678012688] (BIO dump follows)
>> 12:43:43.587595 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read change cipher spec
>> 12:43:43.587624 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read finished
>> 12:43:43.587648 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write change cipher spec
>> 12:43:43.587686 [core:trace8] core_filters.c(580): brigade contains: bytes: 51, non-file bytes: 51, eor buckets: 0, morphing buckets: 0
>> 12:43:43.587694 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 51/51 bytes to BIO#7fe678002a40 [mem: 7fe678011670] (BIO dump follows)
>> 12:43:43.587737 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:43:43.587740 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 51, non-file bytes: 51, eor buckets: 0, morphing buckets: 0
>> 12:43:43.587744 [core:trace8] core_filters.c(554): flushing now
>> 12:43:43.587779 [core:trace8] core_filters.c(569): total bytes written: 2449
>> 12:43:43.587787 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:43:43.587792 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write finished
>> 12:43:43.587831 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: Handshake: done
>> 12:43:43.587848 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>> 12:43:43.587888 [http2:debug] h2_session.c(924): AH03200: h2_session(83,INIT,0): created, max_streams=100, stream_mem=32768, workers_limit=6, workers_max=37, push_diary(type=1,N=256)
>> 12:43:43.587902 [http2:debug] h2_session.c(1017): AH03201: h2_session(83,INIT,0): start, INITIAL_WINDOW_SIZE=65535, MAX_CONCURRENT_STREAMS=100
>> 12:43:43.587912 [http2:debug] h2_session.c(2105): AH03079: h2_session(83,INIT,0): started on localhost:8557
>> 12:43:43.587916 [http2:debug] h2_session.c(1670): AH03078: h2_session(83,BUSY,0): transit [INIT] -- init --> [BUSY]
>> 12:43:43.587944 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7fe678002b00 [mem: 7fe678014563] (BIO dump follows)
>> 12:43:43.587972 [http2:debug] h2_session.c(1760): AH03401: h2_session(83,BUSY,0): conn error -> shutdown
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> 12:43:43.587985 [http2:debug] h2_session.c(589): AH03068: h2_session(83,BUSY,0): sent FRAME[SETTINGS[length=6, stream=0]], frames=0/1 (r/s)
>> 12:43:43.587992 [http2:debug] h2_session.c(589): AH03068: h2_session(83,BUSY,0): sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=0/2 (r/s)
>> 12:43:43.587998 [http2:debug] h2_session.c(589): AH03068: h2_session(83,BUSY,0): sent FRAME[GOAWAY[error=0, reason='', last_stream=0]], frames=0/3 (r/s)
>> 12:43:43.588029 [core:trace8] core_filters.c(580): brigade contains: bytes: 74, non-file bytes: 74, eor buckets: 0, morphing buckets: 0
>> 12:43:43.588044 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 74/74 bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
>> 12:43:43.588090 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:43:43.588093 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 74, non-file bytes: 74, eor buckets: 0, morphing buckets: 0
>> 12:43:43.588097 [core:trace8] core_filters.c(554): flushing now
>> 12:43:43.588112 [core:trace8] core_filters.c(569): total bytes written: 2523
>> 12:43:43.588117 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:43:43.588122 [http2:debug] h2_session.c(715): AH03069: h2_session(83,BUSY,0): sent GOAWAY, err=0, msg=
>> 12:43:43.588128 [http2:debug] h2_session.c(1670): AH03078: h2_session(83,DONE,0): transit [BUSY] -- local goaway --> [DONE]
>> 12:43:43.588136 [http2:debug] h2_conn.c(217): (70014)End of file found: AH03045: h2_session(83,DONE,0): process, closing conn
>> 12:43:43.588147 [http2:debug] h2_session.c(1670): AH03078: h2_session(83,CLEANUP,0): transit [DONE] -- pre_close --> [CLEANUP]
>> 12:43:43.588163 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:43:43.588168 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:43:43.588171 [core:trace8] core_filters.c(554): flushing now
>> 12:43:43.588174 [core:trace8] core_filters.c(569): total bytes written: 2523
>> 12:43:43.588177 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:43:43.588188 [core:trace8] core_filters.c(580): brigade contains: bytes: 31, non-file bytes: 31, eor buckets: 0, morphing buckets: 0
>> 12:43:43.588194 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 31/31 bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
>> 12:43:43.588219 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:43:43.588222 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 31, non-file bytes: 31, eor buckets: 0, morphing buckets: 0
>> 12:43:43.588226 [core:trace8] core_filters.c(554): flushing now
>> 12:43:43.588239 [core:trace8] core_filters.c(569): total bytes written: 2554
>> 12:43:43.588244 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:43:43.588249 [ssl:trace3] ssl_engine_kernel.c(2210): OpenSSL: Write: SSL negotiation finished successfully
>> 12:43:43.588253 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
>> 12:43:43.588257 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:43:43.588260 [core:trace8] core_filters.c(554): flushing now
>> 12:43:43.588263 [core:trace8] core_filters.c(569): total bytes written: 2554
>> 12:43:43.588269 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>> 12:43:43.588275 [ssl:debug] ssl_engine_io.c(1105): AH02001: Connection closed to child 83 with standard shutdown (server localhost:8557)
>> 12:43:43.588295 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
>>
>> Could it be that the ssl read directly above the conn error detected is the culprit? It reads 0 bytes. Maybe we are in h2_session.c in this block:
>>
>>             case H2_SESSION_ST_BUSY:
>>                 if (nghttp2_session_want_read(session->ngh2)) {
>>                     ap_update_child_status(session->c->sbh, SERVER_BUSY_READ, NULL);
>>                     h2_filter_cin_timeout_set(session->cin, session->s->timeout);
>>                     status = h2_session_read(session, 0);
>>                     if (status == APR_SUCCESS) {
>>                         session->have_read = 1;
>>                     }
>>                     else if (status == APR_EAGAIN) {
>>                         /* nothing to read */
>>                     }
>>                     else if (APR_STATUS_IS_TIMEUP(status)) {
>>                         dispatch_event(session, H2_SESSION_EV_CONN_TIMEOUT, 0, NULL);
>>                         break;
>>                     }
>>                     else {
>>                         dispatch_event(session, H2_SESSION_EV_CONN_ERROR, 0, NULL);
>>                     }
>>                 }
>>
>> and maybe h2_session_read() (using session_read()) returns an unexpected result code? Although I must confess, this is speculation and I don't really see where this could happen.
>>
>> Regards,
>>
>> Rainer
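
The correlation raised above (a 0-byte SSL read directly before "conn error -> shutdown") can be checked mechanically on both quoted logs. This is an added example, not part of the original messages or of httpd's test suite; the triage() function and its field names are hypothetical, and it assumes an excerpt with one connection at a time, because these log lines carry no pid/tid.

```python
import re

# Lines abridged from the two server error logs quoted in the thread; the
# leading "> " quote markers are kept to show that they are tolerated.
SAMPLE_LOG = """\
> 12:37:23.974598 [ssl:info] AH01964: Connection to child 66 established (server localhost:8557)
> 12:37:23.986343 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
> 12:37:23.986837 [http2:debug] h2_session.c(341): AH03066: h2_session(66,BUSY,1): recv FRAME[HEADERS[length=30, hend=1, stream=1, eos=1]], frames=2/0 (r/s)
> 12:37:23.986873 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
> 12:37:23.986944 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=3/3 (r/s)
> 12:37:23.987081 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
> 12:37:23.987097 [http2:debug] h2_session.c(1760): AH03401: h2_session(66,BUSY,1): conn error -> shutdown
> 12:37:23.987105 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[GOAWAY[error=0, reason='', last_stream=1]], frames=3/4 (r/s)
> 12:37:23.987219 [http2:debug] h2_conn.c(217): (70014)End of file found: AH03045: h2_session(66,DONE,1): process, closing conn
> 12:43:43.580661 [ssl:info] AH01964: Connection to child 83 established (server localhost:8557)
> 12:43:43.587916 [http2:debug] h2_session.c(1670): AH03078: h2_session(83,BUSY,0): transit [INIT] -- init --> [BUSY]
> 12:43:43.587944 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7fe678002b00 [mem: 7fe678014563] (BIO dump follows)
> 12:43:43.587972 [http2:debug] h2_session.c(1760): AH03401: h2_session(83,BUSY,0): conn error -> shutdown
> 12:43:43.588136 [http2:debug] h2_conn.c(217): (70014)End of file found: AH03045: h2_session(83,DONE,0): process, closing conn
"""

# "HH:MM:SS.usec [module:level] message", optionally behind mail quote markers.
LINE_RE = re.compile(r"^(?:>\s?)*(\d\d):(\d\d):(\d\d)\.(\d{6}) \[(\w+):(\w+)\] (.*)$")
NEW_CONN_RE = re.compile(r"AH01964: Connection to child (\d+) established")
READ_RE = re.compile(r"OpenSSL: read (\d+)/(\d+) bytes from BIO#")
SESSION_RE = re.compile(r"h2_session\((\d+),(\w+),\d+\)")
FRAMES_RE = re.compile(r"frames=(\d+)/(\d+) \(r/s\)")
CONN_ERROR_RE = re.compile(r"AH03401: .*conn error -> shutdown")
CLOSE_RE = re.compile(r"\((\d+)\)([^:]+): AH03045: ")


def triage(log_text):
    """Return one finding per 'conn error -> shutdown' line in the excerpt."""
    findings = []
    awaiting_close = {}  # session id -> finding still missing its close status
    short_reads = []     # (usec, got, wanted) for reads that returned fewer bytes
    frames = {}          # session id -> (received, sent) as last logged
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        hh, mm, ss, frac, module, _level, msg = m.groups()
        usec = ((int(hh) * 60 + int(mm)) * 60 + int(ss)) * 1_000_000 + int(frac)

        if NEW_CONN_RE.search(msg):
            short_reads = []  # new connection: forget the previous one's reads
            continue
        read = READ_RE.search(msg)
        if module == "ssl" and read:
            got, wanted = int(read.group(1)), int(read.group(2))
            if got < wanted:
                short_reads.append((usec, got, wanted))
            continue
        sess = SESSION_RE.search(msg)
        if not sess:
            continue
        conn_id, state = sess.group(1), sess.group(2)

        if CONN_ERROR_RE.search(msg):
            last = short_reads[-1] if short_reads else None
            finding = {
                "conn_id": conn_id,
                "state": state,
                # no frames= line yet means nothing was logged as received
                "frames_recv": frames.get(conn_id, (0, 0))[0],
                "short_reads": len(short_reads),
                "last_read": (last[1], last[2]) if last else None,
                "usec_since_read": usec - last[0] if last else None,
                "close_status": None,
            }
            findings.append(finding)
            awaiting_close[conn_id] = finding
            continue
        counts = FRAMES_RE.search(msg)
        if counts:
            frames[conn_id] = (int(counts.group(1)), int(counts.group(2)))
        close = CLOSE_RE.search(msg)
        if close and conn_id in awaiting_close:
            # e.g. "(70014)End of file found" -> (70014, "End of file found")
            awaiting_close.pop(conn_id)["close_status"] = (
                int(close.group(1)), close.group(2))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

On these lines it reports two short reads for connection 66 but one for connection 83: the first 0/5 read in the TLS 1.3 log was followed by normal frame output, and only the second sits directly before the shutdown.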

Re: Failing http2.t in 2.4.36 [Was: NOTICE: Intent to T&R 2.4.36]

Posted by Stefan Eissing <st...@greenbytes.de>.
Hi Rainer,

According to the log, the h2 code must be in the H2_SESSION_ST_BUSY state and the only cause I see is the same as you, namely an unexpected status from h2_session_read(), which should come via

        status = ap_get_brigade(c->input_filters,
                                session->bbtmp, AP_MODE_READBYTES,
                                block? APR_BLOCK_READ : APR_NONBLOCK_READ,
                                H2MAX(APR_BUCKET_BUFF_SIZE, readlen));

block is 0 here and readlen should be (unless reconfigured via H2StreamMaxMemSize) 32kb.

Maybe you could just add a log line there to see what ap_get_brigade() returned there?

Strange.

-Stefan

> On 13.10.2018 at 13:14, Rainer Jung <ra...@kippdata.de> wrote:
> 
> Hi Stefan,
> 
> On 10.10.2018 at 16:04, Stefan Eissing wrote:
>>> On 10.10.2018 at 15:06, Joe Orton <jo...@redhat.com> wrote:
>>> 
>>> I believe that t/modules/http2.t is dying in this:
>>> 
>>>    my $old_ref = \&{ 'AnyEvent::TLS::_get_session' };
>>>    *{ 'AnyEvent::TLS::_get_session' } = sub($$;$$) {
>>> 
>>> piece of magic which I don't understand but possibly needs updating for
>>> TLSv1.3? Session handling is different now... everything is broken.
>> I think there was no official way to add SNI to AnyEvent and I had to hack this. Unless anyone has another suggestion, I am in favour of removing the t/modules/http2.t again.
> 
> Note that if I manually send http2 requests using a recent curl, I get failures as well (for 2.4.36).
> 
> The t/modules/http2.t indeed fails for each https test, even the simple first one retrieving / and checking for status 200. One bug seems to me to be in the test script: it fails silently and simply notes at the end that not all tests have run.
> 
> But if I only start the server using "t/TEST -start-httpd" and then run a curl test request against the h2 port 8557, I get failures as well. The server was built with TLS 1.3 support, but the failures occur with a 1.3 client but also with a 1.2 client (different builds of curl). Below, I marked the lines probably indicating the failure with ^^^^^^^^ .
> 
> Here are details:
> 
> curl TLS 1.3 client output
> ==========================
> 
> *   Trying 127.0.0.1...
> * TCP_NODELAY set
> * Connected to localhost (127.0.0.1) port 8557 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> * TLSv1.3 (IN), TLS handshake, Certificate (11):
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> * TLSv1.3 (IN), TLS handshake, Finished (20):
> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
> * TLSv1.3 (OUT), TLS handshake, [no content] (0):
> * TLSv1.3 (OUT), TLS handshake, Finished (20):
> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
> * ALPN, server accepted to use h2
> * Server certificate:
> *  subject: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test/rsa-test; CN=localhost; emailAddress=test-dev@httpd.apache.org
> *  start date: Oct 13 08:40:49 2018 GMT
> *  expire date: Oct 13 08:40:49 2019 GMT
> *  issuer: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test; CN=ca; emailAddress=test-dev@httpd.apache.org
> *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> * Using HTTP2, server supports multi-use
> * Connection state changed (HTTP/2 confirmed)
> * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
> * TLSv1.3 (OUT), TLS app data, [no content] (0):
> * TLSv1.3 (OUT), TLS app data, [no content] (0):
> * TLSv1.3 (OUT), TLS app data, [no content] (0):
> * Using Stream ID: 1 (easy handle 0x26ab080)
> * TLSv1.3 (OUT), TLS app data, [no content] (0):
> > GET / HTTP/2
> > Host: localhost:8557
> > User-Agent: curl/7.61.1
> > Accept: */*
> >
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> * Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
> * TLSv1.3 (OUT), TLS app data, [no content] (0):
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> * TLSv1.3 (IN), TLS alert, [no content] (0):
> * TLSv1.3 (IN), TLS alert, close notify (256):
> * Empty reply from server
> ^^^^^^^^^^^^^^^^^^^^^^^^^
> * Connection #0 to host localhost left intact
> curl: (52) Empty reply from server
> 
> curl TLS 1.3 server error log
> =============================
> 
> 12:37:23.974210 [example_hooks:notice] x_create_connection()
> 12:37:23.974598 [ssl:info] AH01964: Connection to child 66 established (server localhost:8557)
> 12:37:23.974726 [ssl:trace2] ssl_engine_rand.c(126): Server: Seeding PRNG with 144 bytes of entropy
> 12:37:23.974787 [ssl:trace6] ssl_engine_io.c(2077): Enabling non-blocking writes
> 12:37:23.974817 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: Handshake: start
> 12:37:23.974860 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: before SSL initialization
> 12:37:23.974886 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe6900083c3] (BIO dump follows)
> 12:37:23.974917 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 512/512 bytes from BIO#7fe690002b00 [mem: 7fe6900083c8] (BIO dump follows)
> 12:37:23.975115 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: before SSL initialization
> 12:37:23.975181 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found
> 12:37:23.975202 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found
> 12:37:23.975208 [core:debug] protocol.c(2314): AH03155: select protocol from h2,http/1.1, choices=h2,http/1.1 for server localhost
> 12:37:23.975219 [core:debug] protocol.c(2359): AH03156: select protocol, proposals=h2,http/1.1 preferences=h2,http/1.1 configured=h2,http/1.1
> 12:37:23.975224 [core:debug] protocol.c(2377): AH03157: selected protocol=h2
> 12:37:23.975272 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read client hello
> 12:37:23.975567 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write server hello
> 12:37:23.975644 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write change cipher spec
> 12:37:23.975665 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: TLSv1.3 write encrypted extensions
> 12:37:23.977991 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write certificate
> 12:37:23.981471 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: TLSv1.3 write server certificate verify
> 12:37:23.981515 [core:trace8] core_filters.c(580): brigade contains: bytes: 2532, non-file bytes: 2532, eor buckets: 0, morphing buckets: 0
> 12:37:23.981527 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 2532/2532 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
> 12:37:23.982723 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:37:23.982729 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 2532, non-file bytes: 2532, eor buckets: 0, morphing buckets: 0
> 12:37:23.982734 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.982776 [core:trace8] core_filters.c(569): total bytes written: 2532
> 12:37:23.982783 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.982911 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write finished
> 12:37:23.982924 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: TLSv1.3 early data
> 12:37:23.985161 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690012683] (BIO dump follows)
> 12:37:23.985206 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 1/1 bytes from BIO#7fe690002b00 [mem: 7fe690012688] (BIO dump follows)
> 12:37:23.985226 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690012683] (BIO dump follows)
> 12:37:23.985258 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 69/69 bytes from BIO#7fe690002b00 [mem: 7fe690012688] (BIO dump follows)
> 12:37:23.985318 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: TLSv1.3 early data
> 12:37:23.985395 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read finished
> 12:37:23.985404 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: Handshake: done
> 12:37:23.985434 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
> 12:37:23.985444 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: Handshake: start
> 12:37:23.985588 [core:trace8] core_filters.c(580): brigade contains: bytes: 287, non-file bytes: 287, eor buckets: 0, morphing buckets: 0
> 12:37:23.985602 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 287/287 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
> 12:37:23.985747 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:37:23.985751 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 287, non-file bytes: 287, eor buckets: 0, morphing buckets: 0
> 12:37:23.985756 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.985801 [core:trace8] core_filters.c(569): total bytes written: 2819
> 12:37:23.985810 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.985817 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write session ticket
> 12:37:23.985823 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: Handshake: done
> 12:37:23.985832 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
> 12:37:23.985836 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: Handshake: start
> 12:37:23.985946 [core:trace8] core_filters.c(580): brigade contains: bytes: 303, non-file bytes: 303, eor buckets: 0, morphing buckets: 0
> 12:37:23.985968 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 303/303 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
> 12:37:23.986138 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:37:23.986150 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 303, non-file bytes: 303, eor buckets: 0, morphing buckets: 0
> 12:37:23.986154 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.986172 [core:trace8] core_filters.c(569): total bytes written: 3122
> 12:37:23.986177 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.986183 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write session ticket
> 12:37:23.986202 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: Handshake: done
> 12:37:23.986215 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
> 12:37:23.986272 [http2:debug] h2_session.c(924): AH03200: h2_session(66,INIT,0): created, max_streams=100, stream_mem=32768, workers_limit=6, workers_max=37, push_diary(type=1,N=256)
> 12:37:23.986289 [http2:debug] h2_session.c(1017): AH03201: h2_session(66,INIT,0): start, INITIAL_WINDOW_SIZE=65535, MAX_CONCURRENT_STREAMS=100
> 12:37:23.986308 [http2:debug] h2_session.c(2105): AH03079: h2_session(66,INIT,0): started on localhost:8557
> 12:37:23.986314 [http2:debug] h2_session.c(1670): AH03078: h2_session(66,BUSY,0): transit [INIT] -- init --> [BUSY]
> 12:37:23.986343 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
> 12:37:23.986367 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 41/41 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
> 12:37:23.986441 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
> 12:37:23.986472 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 44/44 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
> 12:37:23.986530 [http2:debug] h2_session.c(341): AH03066: h2_session(66,BUSY,0): recv FRAME[SETTINGS[length=18, stream=0]], frames=0/0 (r/s)
> 12:37:23.986544 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
> 12:37:23.986564 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 30/30 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
> 12:37:23.986596 [http2:debug] h2_session.c(341): AH03066: h2_session(66,BUSY,0): recv FRAME[WINDOW_UPDATE[stream=0, incr=1073676289]], frames=1/0 (r/s)
> 12:37:23.986606 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
> 12:37:23.986630 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 56/56 bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
> 12:37:23.986684 [http2:debug] h2_stream.c(552): AH03082: h2_stream(66-1,IDLE): created
> 12:37:23.986837 [http2:debug] h2_session.c(341): AH03066: h2_session(66,BUSY,1): recv FRAME[HEADERS[length=30, hend=1, stream=1, eos=1]], frames=2/0 (r/s)
> 12:37:23.986873 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
> 12:37:23.986926 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[SETTINGS[length=6, stream=0]], frames=3/1 (r/s)
> 12:37:23.986937 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[SETTINGS[ack=1, stream=0]], frames=3/2 (r/s)
> 12:37:23.986944 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=3/3 (r/s)
> 12:37:23.986971 [core:trace8] core_filters.c(580): brigade contains: bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
> 12:37:23.986980 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 59/59 bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
> 12:37:23.987029 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:37:23.987033 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
> 12:37:23.987037 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.987060 [core:trace8] core_filters.c(569): total bytes written: 3181
> 12:37:23.987066 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.987081 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
> 12:37:23.987097 [http2:debug] h2_session.c(1760): AH03401: h2_session(66,BUSY,1): conn error -> shutdown
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> 12:37:23.987105 [http2:debug] h2_session.c(589): AH03068: h2_session(66,BUSY,1): sent FRAME[GOAWAY[error=0, reason='', last_stream=1]], frames=3/4 (r/s)
> 12:37:23.987122 [core:trace8] core_filters.c(580): brigade contains: bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
> 12:37:23.987130 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 39/39 bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
> 12:37:23.987172 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:37:23.987176 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
> 12:37:23.987180 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.987195 [core:trace8] core_filters.c(569): total bytes written: 3220
> 12:37:23.987200 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.987205 [http2:debug] h2_session.c(715): AH03069: h2_session(66,BUSY,1): sent GOAWAY, err=0, msg=
> 12:37:23.987212 [http2:debug] h2_session.c(1670): AH03078: h2_session(66,DONE,1): transit [BUSY] -- local goaway --> [DONE]
> 12:37:23.987219 [http2:debug] h2_conn.c(217): (70014)End of file found: AH03045: h2_session(66,DONE,1): process, closing conn
> 12:37:23.987228 [http2:debug] h2_session.c(1670): AH03078: h2_session(66,CLEANUP,1): transit [DONE] -- pre_close --> [CLEANUP]
> 12:37:23.992165 [optional_hook_import:error] AH01866: Optional hook test said: GET / HTTP/2.0
> 12:37:23.992176 [optional_fn_export:error] AH01871: Optional function test said: GET / HTTP/2.0
> 12:37:23.992337 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:37:23.992348 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.992353 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.992357 [core:trace8] core_filters.c(569): total bytes written: 3220
> 12:37:23.992361 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.992387 [core:trace8] core_filters.c(580): brigade contains: bytes: 24, non-file bytes: 24, eor buckets: 0, morphing buckets: 0
> 12:37:23.992395 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 24/24 bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
> 12:37:23.992426 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:37:23.992430 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 24, non-file bytes: 24, eor buckets: 0, morphing buckets: 0
> 12:37:23.992434 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.992470 [core:trace8] core_filters.c(569): total bytes written: 3244
> 12:37:23.992479 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.992485 [ssl:trace3] ssl_engine_kernel.c(2210): OpenSSL: Write: SSL negotiation finished successfully
> 12:37:23.992491 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:37:23.992495 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.992499 [core:trace8] core_filters.c(554): flushing now
> 12:37:23.992503 [core:trace8] core_filters.c(569): total bytes written: 3244
> 12:37:23.992506 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:37:23.992511 [ssl:debug] ssl_engine_io.c(1105): AH02001: Connection closed to child 66 with standard shutdown (server localhost:8557)
> 12:37:23.992616 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 
> 
> curl TLS 1.2 client output
> ==========================
> 
> *   Trying 127.0.0.1...
> * TCP_NODELAY set
> * Connected to localhost (127.0.0.1) port 8557 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> * TLSv1.2 (IN), TLS handshake, Server finished (14):
> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
> * TLSv1.2 (OUT), TLS handshake, Finished (20):
> * TLSv1.2 (IN), TLS handshake, Finished (20):
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
> * ALPN, server accepted to use h2
> * Server certificate:
> *  subject: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test/rsa-test; CN=localhost; emailAddress=test-dev@httpd.apache.org
> *  start date: Oct 13 08:40:49 2018 GMT
> *  expire date: Oct 13 08:40:49 2019 GMT
> *  issuer: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test; CN=ca; emailAddress=test-dev@httpd.apache.org
> *  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> * Using HTTP2, server supports multi-use
> * Connection state changed (HTTP/2 confirmed)
> * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
> * Using Stream ID: 1 (easy handle 0x1d5e5e0)
> > GET / HTTP/2
> > Host: localhost:8557
> > User-Agent: curl/7.61.1
> > Accept: */*
> >
> * Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
> * TLSv1.2 (IN), TLS alert, close notify (256):
> * Empty reply from server
> ^^^^^^^^^^^^^^^^^^^^^^^^^
> * Connection #0 to host localhost left intact
> curl: (52) Empty reply from server
> 
> 
> curl TLS 1.2 server error log
> =============================
> 
> 12:43:43.580661 [ssl:info] AH01964: Connection to child 83 established (server localhost:8557)
> 12:43:43.580842 [ssl:trace6] ssl_engine_io.c(2077): Enabling non-blocking writes
> 12:43:43.580885 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: Handshake: start
> 12:43:43.580944 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: before SSL initialization
> 12:43:43.580971 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe678002b00 [mem: 7fe6780083c3] (BIO dump follows)
> 12:43:43.581009 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 512/512 bytes from BIO#7fe678002b00 [mem: 7fe6780083c8] (BIO dump follows)
> 12:43:43.581181 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: before SSL initialization
> 12:43:43.581289 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found
> 12:43:43.581334 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found
> 12:43:43.581343 [core:debug] protocol.c(2314): AH03155: select protocol from h2,http/1.1, choices=h2,http/1.1 for server localhost
> 12:43:43.581352 [core:debug] protocol.c(2359): AH03156: select protocol, proposals=h2,http/1.1 preferences=h2,http/1.1 configured=h2,http/1.1
> 12:43:43.581366 [core:debug] protocol.c(2377): AH03157: selected protocol=h2
> 12:43:43.581374 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read client hello
> 12:43:43.581415 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write server hello
> 12:43:43.581877 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write certificate
> 12:43:43.584573 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write key exchange
> 12:43:43.584595 [core:trace8] core_filters.c(580): brigade contains: bytes: 2398, non-file bytes: 2398, eor buckets: 0, morphing buckets: 0
> 12:43:43.584605 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 2398/2398 bytes to BIO#7fe678002a40 [mem: 7fe678011670] (BIO dump follows)
> 12:43:43.585620 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:43:43.585624 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 2398, non-file bytes: 2398, eor buckets: 0, morphing buckets: 0
> 12:43:43.585634 [core:trace8] core_filters.c(554): flushing now
> 12:43:43.585682 [core:trace8] core_filters.c(569): total bytes written: 2398
> 12:43:43.585690 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.585696 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write server done
> 12:43:43.587042 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe678002b00 [mem: 7fe6780127c3] (BIO dump follows)
> 12:43:43.587078 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 70/70 bytes from BIO#7fe678002b00 [mem: 7fe6780127c8] (BIO dump follows)
> 12:43:43.587126 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write server done
> 12:43:43.587435 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe678002b00 [mem: 7fe678012683] (BIO dump follows)
> 12:43:43.587470 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 1/1 bytes from BIO#7fe678002b00 [mem: 7fe678012688] (BIO dump follows)
> 12:43:43.587489 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read client key exchange
> 12:43:43.587541 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 bytes from BIO#7fe678002b00 [mem: 7fe678012683] (BIO dump follows)
> 12:43:43.587561 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 40/40 bytes from BIO#7fe678002b00 [mem: 7fe678012688] (BIO dump follows)
> 12:43:43.587595 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read change cipher spec
> 12:43:43.587624 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS read finished
> 12:43:43.587648 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write change cipher spec
> 12:43:43.587686 [core:trace8] core_filters.c(580): brigade contains: bytes: 51, non-file bytes: 51, eor buckets: 0, morphing buckets: 0
> 12:43:43.587694 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 51/51 bytes to BIO#7fe678002a40 [mem: 7fe678011670] (BIO dump follows)
> 12:43:43.587737 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:43:43.587740 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 51, non-file bytes: 51, eor buckets: 0, morphing buckets: 0
> 12:43:43.587744 [core:trace8] core_filters.c(554): flushing now
> 12:43:43.587779 [core:trace8] core_filters.c(569): total bytes written: 2449
> 12:43:43.587787 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.587792 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: SSLv3/TLS write finished
> 12:43:43.587831 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: Handshake: done
> 12:43:43.587848 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> 12:43:43.587888 [http2:debug] h2_session.c(924): AH03200: h2_session(83,INIT,0): created, max_streams=100, stream_mem=32768, workers_limit=6, workers_max=37, push_diary(type=1,N=256)
> 12:43:43.587902 [http2:debug] h2_session.c(1017): AH03201: h2_session(83,INIT,0): start, INITIAL_WINDOW_SIZE=65535, MAX_CONCURRENT_STREAMS=100
> 12:43:43.587912 [http2:debug] h2_session.c(2105): AH03079: h2_session(83,INIT,0): started on localhost:8557
> 12:43:43.587916 [http2:debug] h2_session.c(1670): AH03078: h2_session(83,BUSY,0): transit [INIT] -- init --> [BUSY]
> 12:43:43.587944 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 bytes from BIO#7fe678002b00 [mem: 7fe678014563] (BIO dump follows)
> 12:43:43.587972 [http2:debug] h2_session.c(1760): AH03401: h2_session(83,BUSY,0): conn error -> shutdown
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> 12:43:43.587985 [http2:debug] h2_session.c(589): AH03068: h2_session(83,BUSY,0): sent FRAME[SETTINGS[length=6, stream=0]], frames=0/1 (r/s)
> 12:43:43.587992 [http2:debug] h2_session.c(589): AH03068: h2_session(83,BUSY,0): sent FRAME[WINDOW_UPDATE[stream=0, incr=2147418112]], frames=0/2 (r/s)
> 12:43:43.587998 [http2:debug] h2_session.c(589): AH03068: h2_session(83,BUSY,0): sent FRAME[GOAWAY[error=0, reason='', last_stream=0]], frames=0/3 (r/s)
> 12:43:43.588029 [core:trace8] core_filters.c(580): brigade contains: bytes: 74, non-file bytes: 74, eor buckets: 0, morphing buckets: 0
> 12:43:43.588044 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 74/74 bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
> 12:43:43.588090 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:43:43.588093 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 74, non-file bytes: 74, eor buckets: 0, morphing buckets: 0
> 12:43:43.588097 [core:trace8] core_filters.c(554): flushing now
> 12:43:43.588112 [core:trace8] core_filters.c(569): total bytes written: 2523
> 12:43:43.588117 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.588122 [http2:debug] h2_session.c(715): AH03069: h2_session(83,BUSY,0): sent GOAWAY, err=0, msg=
> 12:43:43.588128 [http2:debug] h2_session.c(1670): AH03078: h2_session(83,DONE,0): transit [BUSY] -- local goaway --> [DONE]
> 12:43:43.588136 [http2:debug] h2_conn.c(217): (70014)End of file found: AH03045: h2_session(83,DONE,0): process, closing conn
> 12:43:43.588147 [http2:debug] h2_session.c(1670): AH03078: h2_session(83,CLEANUP,0): transit [DONE] -- pre_close --> [CLEANUP]
> 12:43:43.588163 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:43:43.588168 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.588171 [core:trace8] core_filters.c(554): flushing now
> 12:43:43.588174 [core:trace8] core_filters.c(569): total bytes written: 2523
> 12:43:43.588177 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.588188 [core:trace8] core_filters.c(580): brigade contains: bytes: 31, non-file bytes: 31, eor buckets: 0, morphing buckets: 0
> 12:43:43.588194 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 31/31 bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
> 12:43:43.588219 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:43:43.588222 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 31, non-file bytes: 31, eor buckets: 0, morphing buckets: 0
> 12:43:43.588226 [core:trace8] core_filters.c(554): flushing now
> 12:43:43.588239 [core:trace8] core_filters.c(569): total bytes written: 2554
> 12:43:43.588244 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.588249 [ssl:trace3] ssl_engine_kernel.c(2210): OpenSSL: Write: SSL negotiation finished successfully
> 12:43:43.588253 [core:trace6] core_filters.c(525): will flush because of FLUSH bucket
> 12:43:43.588257 [core:trace8] core_filters.c(535): seen in brigade so far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.588260 [core:trace8] core_filters.c(554): flushing now
> 12:43:43.588263 [core:trace8] core_filters.c(569): total bytes written: 2554
> 12:43:43.588269 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 12:43:43.588275 [ssl:debug] ssl_engine_io.c(1105): AH02001: Connection closed to child 83 with standard shutdown (server localhost:8557)
> 12:43:43.588295 [core:trace8] core_filters.c(580): brigade contains: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
> 
> Could it be that the ssl read directly above the conn error detected is the culprit? It reads 0 bytes. Maybe we are in h2_session.c in this block:
> 
> 2215             case H2_SESSION_ST_BUSY:
> 2216                 if (nghttp2_session_want_read(session->ngh2)) {
> 2217                     ap_update_child_status(session->c->sbh, SERVER_BUSY_READ, NULL);
> 2218                     h2_filter_cin_timeout_set(session->cin, session->s->timeout);
> 2219                     status = h2_session_read(session, 0);
> 2220                     if (status == APR_SUCCESS) {
> 2221                         session->have_read = 1;
> 2222                     }
> 2223                     else if (status == APR_EAGAIN) {
> 2224                         /* nothing to read */
> 2225                     }
> 2226                     else if (APR_STATUS_IS_TIMEUP(status)) {
> 2227                         dispatch_event(session, H2_SESSION_EV_CONN_TIMEOUT, 0, NULL);
> 2228                         break;
> 2229                     }
> 2230                     else {
> 2231                         dispatch_event(session, H2_SESSION_EV_CONN_ERROR, 0, NULL);
> 2232                     }
> 2233                 }
> 
> and maybe h2_session_read() (using session_read()) returns an unexpected result code? Although I must confess, this is speculation and I don't really see where this could happen.
> 
> Regards,
> 
> Rainer
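
A triage sketch for the error logs in this thread, added here as an example (not code from the thread or from httpd): it rejoins mail-wrapped log entries and reports, for each h2_session that logged AH03401, the SSL read that preceded it and how many frames had been exchanged. The function names are hypothetical, the sample is a few lines copied from the TLS 1.2 log in this thread, and it assumes one connection at a time, as in these excerpts.

```python
import re

# A logical entry starts like "12:43:43.587944 [ssl:trace4] ..."
ENTRY = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{6}) \[(\w+):(\w+)\] (.*)$")
SSL_READ = re.compile(r"OpenSSL: read (\d+)/(\d+) bytes from BIO#")
PROTO = re.compile(r"AH02041: Protocol: ([^,]+), Cipher: (\S+)")
H2 = re.compile(r"(AH\d{5}): h2_session\((\d+),(\w+),(\d+)\): (.*)$")
FRAMES = re.compile(r"frames=(\d+)/(\d+) \(r/s\)")
GOAWAY = re.compile(r"sent GOAWAY, err=(\d+)")
STATUS = re.compile(r"\((\d+)\)([^:]+): AH\d{5}")

# Copied from the TLS 1.2 server error log in this thread, abridged,
# with the line wrapping and ^^^^ marker the mail client and author left.
SAMPLE_LOG = """
12:43:43.587848 [ssl:debug] ssl_engine_kernel.c(2244): AH02041:
Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
12:43:43.587916 [http2:debug] h2_session.c(1670): AH03078:
h2_session(83,BUSY,0): transit [INIT] -- init --> [BUSY]
12:43:43.587944 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5
bytes from BIO#7fe678002b00 [mem: 7fe678014563] (BIO dump follows)
12:43:43.587972 [http2:debug] h2_session.c(1760): AH03401:
h2_session(83,BUSY,0): conn error -> shutdown
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
12:43:43.587998 [http2:debug] h2_session.c(589): AH03068:
h2_session(83,BUSY,0): sent FRAME[GOAWAY[error=0, reason='',
last_stream=0]], frames=0/3 (r/s)
12:43:43.588122 [http2:debug] h2_session.c(715): AH03069:
h2_session(83,BUSY,0): sent GOAWAY, err=0, msg=
12:43:43.588136 [http2:debug] h2_conn.c(217): (70014)End of file found:
AH03045: h2_session(83,DONE,0): process, closing conn
"""


def unwrap(text):
    """Rejoin wrapped entries; drop '>' quote prefixes and ^^^^ marker lines."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line or set(line) == {"^"}:
            continue
        if ENTRY.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # continuation of a wrapped entry
    return entries


def find_aborted_sessions(text):
    """Return one finding per h2_session that logged AH03401 (conn error)."""
    last_read = None  # (got, wanted) of the most recent SSL read
    tls = None        # protocol from the most recent AH02041 line
    frames = {}       # child id -> (received, sent) running counters
    found = {}        # child id -> finding, created when AH03401 is seen
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        _ts, module, _level, msg = m.groups()
        if module == "ssl":
            read, proto = SSL_READ.search(msg), PROTO.search(msg)
            if read:
                last_read = (int(read.group(1)), int(read.group(2)))
            elif proto:
                tls = proto.group(1)
            continue
        h = H2.search(msg) if module == "http2" else None
        if not h:
            continue
        code, child, state, _stream, detail = h.groups()
        f = FRAMES.search(detail)
        if f:
            frames[child] = (int(f.group(1)), int(f.group(2)))
        if code == "AH03401":
            # Snapshot what was known at the moment the error was raised.
            recv, sent = frames.get(child, (0, 0))
            found[child] = {
                "child": child, "state": state, "tls": tls,
                "last_ssl_read": last_read,
                "zero_byte_read": bool(last_read) and last_read[0] == 0,
                "frames_recv": recv, "frames_sent": sent,
                "goaway_err": None, "close_status": None,
            }
        elif child in found and code == "AH03069":
            g = GOAWAY.search(detail)
            found[child]["goaway_err"] = int(g.group(1)) if g else None
        elif child in found and code == "AH03045":
            st = STATUS.search(msg)
            if st:
                found[child]["close_status"] = (int(st.group(1)), st.group(2))
    return list(found.values())


if __name__ == "__main__":
    for finding in find_aborted_sessions(SAMPLE_LOG):
        print(finding)
```

Pass only the log excerpt itself: surrounding mail text is treated as a continuation of the previous entry.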


Failing http2.t in 2.4.36 [Was: NOTICE: Intent to T&R 2.4.36]

Posted by Rainer Jung <ra...@kippdata.de>.
Hi Stefan,

On 10.10.2018 at 16:04, Stefan Eissing wrote:
> 
>> On 10.10.2018 at 15:06, Joe Orton <jo...@redhat.com> wrote:
>>
>> I believe that t/modules/http2.t is dying in this:
>>
>>     my $old_ref = \&{ 'AnyEvent::TLS::_get_session' };
>>     *{ 'AnyEvent::TLS::_get_session' } = sub($$;$$) {
>>
>> piece of magic which I don't understand but possibly needs updating for
>> TLSv1.3? Session handling is different now... everything is broken.
> 
> I think there was no official way to add SNI to AnyEvent and I had to hack this. Unless anyone has another suggestion, I am in favour of removing the t/modules/http2.t again.

Note that if I manually send http2 requests using a recent curl, I get 
failures as well (for 2.4.36).

The t/modules/http2.t indeed fails for each https test, even the simple 
first one retrieving / and checking for status 200. One bug seems to me 
to be in the test script: it fails silently and simply notes at the end 
that not all tests have run.

But if I only start the server using "t/TEST -start-httpd" and then run 
a curl test request against the h2 port 8557, I get failures as well. 
The server was built with TLS 1.3 support, but the failures occur with 
a 1.3 client but also with a 1.2 client (different builds of curl). Below 
I marked the lines probably indicating the failure with ^^^^^^^^ .

Here are details:

curl TLS 1.3 client output
==========================

*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8557 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=ASF; 
OU=httpd-test/rsa-test; CN=localhost; emailAddress=test-dev@httpd.apache.org
*  start date: Oct 13 08:40:49 2018 GMT
*  expire date: Oct 13 08:40:49 2019 GMT
*  issuer: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test; 
CN=ca; emailAddress=test-dev@httpd.apache.org
*  SSL certificate verify result: self signed certificate in certificate 
chain (19), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after 
upgrade: len=0
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* Using Stream ID: 1 (easy handle 0x26ab080)
* TLSv1.3 (OUT), TLS app data, [no content] (0):
 > GET / HTTP/2
 > Host: localhost:8557
 > User-Agent: curl/7.61.1
 > Accept: */*
 >
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (IN), TLS app data, [no content] (0):
* TLSv1.3 (IN), TLS alert, [no content] (0):
* TLSv1.3 (IN), TLS alert, close notify (256):
* Empty reply from server
^^^^^^^^^^^^^^^^^^^^^^^^^
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server

curl TLS 1.3 server error log
=============================

12:37:23.974210 [example_hooks:notice] x_create_connection()
12:37:23.974598 [ssl:info] AH01964: Connection to child 66 established 
(server localhost:8557)
12:37:23.974726 [ssl:trace2] ssl_engine_rand.c(126): Server: Seeding 
PRNG with 144 bytes of entropy
12:37:23.974787 [ssl:trace6] ssl_engine_io.c(2077): Enabling 
non-blocking writes
12:37:23.974817 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: 
Handshake: start
12:37:23.974860 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
before SSL initialization
12:37:23.974886 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
bytes from BIO#7fe690002b00 [mem: 7fe6900083c3] (BIO dump follows)
12:37:23.974917 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
512/512 bytes from BIO#7fe690002b00 [mem: 7fe6900083c8] (BIO dump follows)
12:37:23.975115 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
before SSL initialization
12:37:23.975181 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
virtual host for servername localhost found
12:37:23.975202 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
virtual host for servername localhost found
12:37:23.975208 [core:debug] protocol.c(2314): AH03155: select protocol 
from h2,http/1.1, choices=h2,http/1.1 for server localhost
12:37:23.975219 [core:debug] protocol.c(2359): AH03156: select protocol, 
proposals=h2,http/1.1 preferences=h2,http/1.1 configured=h2,http/1.1
12:37:23.975224 [core:debug] protocol.c(2377): AH03157: selected protocol=h2
12:37:23.975272 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS read client hello
12:37:23.975567 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write server hello
12:37:23.975644 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write change cipher spec
12:37:23.975665 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
TLSv1.3 write encrypted extensions
12:37:23.977991 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write certificate
12:37:23.981471 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
TLSv1.3 write server certificate verify
12:37:23.981515 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 2532, non-file bytes: 2532, eor buckets: 0, morphing buckets: 0
12:37:23.981527 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
2532/2532 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
12:37:23.982723 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:37:23.982729 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 2532, non-file bytes: 2532, eor buckets: 0, morphing buckets: 0
12:37:23.982734 [core:trace8] core_filters.c(554): flushing now
12:37:23.982776 [core:trace8] core_filters.c(569): total bytes written: 2532
12:37:23.982783 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:37:23.982911 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write finished
12:37:23.982924 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
TLSv1.3 early data
12:37:23.985161 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
bytes from BIO#7fe690002b00 [mem: 7fe690012683] (BIO dump follows)
12:37:23.985206 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 1/1 
bytes from BIO#7fe690002b00 [mem: 7fe690012688] (BIO dump follows)
12:37:23.985226 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
bytes from BIO#7fe690002b00 [mem: 7fe690012683] (BIO dump follows)
12:37:23.985258 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 69/69 
bytes from BIO#7fe690002b00 [mem: 7fe690012688] (BIO dump follows)
12:37:23.985318 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
TLSv1.3 early data
12:37:23.985395 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS read finished
12:37:23.985404 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
Handshake: done
12:37:23.985434 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
12:37:23.985444 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: 
Handshake: start
12:37:23.985588 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 287, non-file bytes: 287, eor buckets: 0, morphing buckets: 0
12:37:23.985602 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
287/287 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
12:37:23.985747 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:37:23.985751 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 287, non-file bytes: 287, eor buckets: 0, morphing buckets: 0
12:37:23.985756 [core:trace8] core_filters.c(554): flushing now
12:37:23.985801 [core:trace8] core_filters.c(569): total bytes written: 2819
12:37:23.985810 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:37:23.985817 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write session ticket
12:37:23.985823 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
Handshake: done
12:37:23.985832 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
12:37:23.985836 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: 
Handshake: start
12:37:23.985946 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 303, non-file bytes: 303, eor buckets: 0, morphing buckets: 0
12:37:23.985968 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
303/303 bytes to BIO#7fe690002a40 [mem: 7fe690011670] (BIO dump follows)
12:37:23.986138 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:37:23.986150 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 303, non-file bytes: 303, eor buckets: 0, morphing buckets: 0
12:37:23.986154 [core:trace8] core_filters.c(554): flushing now
12:37:23.986172 [core:trace8] core_filters.c(569): total bytes written: 3122
12:37:23.986177 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:37:23.986183 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write session ticket
12:37:23.986202 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
Handshake: done
12:37:23.986215 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
12:37:23.986272 [http2:debug] h2_session.c(924): AH03200: 
h2_session(66,INIT,0): created, max_streams=100, stream_mem=32768, 
workers_limit=6, workers_max=37, push_diary(type=1,N=256)
12:37:23.986289 [http2:debug] h2_session.c(1017): AH03201: 
h2_session(66,INIT,0): start, INITIAL_WINDOW_SIZE=65535, 
MAX_CONCURRENT_STREAMS=100
12:37:23.986308 [http2:debug] h2_session.c(2105): AH03079: 
h2_session(66,INIT,0): started on localhost:8557
12:37:23.986314 [http2:debug] h2_session.c(1670): AH03078: 
h2_session(66,BUSY,0): transit [INIT] -- init --> [BUSY]
12:37:23.986343 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
12:37:23.986367 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 41/41 
bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
12:37:23.986441 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
12:37:23.986472 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 44/44 
bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
12:37:23.986530 [http2:debug] h2_session.c(341): AH03066: 
h2_session(66,BUSY,0): recv FRAME[SETTINGS[length=18, stream=0]], 
frames=0/0 (r/s)
12:37:23.986544 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
12:37:23.986564 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 30/30 
bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
12:37:23.986596 [http2:debug] h2_session.c(341): AH03066: 
h2_session(66,BUSY,0): recv FRAME[WINDOW_UPDATE[stream=0, 
incr=1073676289]], frames=1/0 (r/s)
12:37:23.986606 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
bytes from BIO#7fe690002b00 [mem: 7fe690014593] (BIO dump follows)
12:37:23.986630 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 56/56 
bytes from BIO#7fe690002b00 [mem: 7fe690014598] (BIO dump follows)
12:37:23.986684 [http2:debug] h2_stream.c(552): AH03082: 
h2_stream(66-1,IDLE): created
12:37:23.986837 [http2:debug] h2_session.c(341): AH03066: 
h2_session(66,BUSY,1): recv FRAME[HEADERS[length=30, hend=1, stream=1, 
eos=1]], frames=2/0 (r/s)
12:37:23.986873 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 
bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
12:37:23.986926 [http2:debug] h2_session.c(589): AH03068: 
h2_session(66,BUSY,1): sent FRAME[SETTINGS[length=6, stream=0]], 
frames=3/1 (r/s)
12:37:23.986937 [http2:debug] h2_session.c(589): AH03068: 
h2_session(66,BUSY,1): sent FRAME[SETTINGS[ack=1, stream=0]], frames=3/2 
(r/s)
12:37:23.986944 [http2:debug] h2_session.c(589): AH03068: 
h2_session(66,BUSY,1): sent FRAME[WINDOW_UPDATE[stream=0, 
incr=2147418112]], frames=3/3 (r/s)
12:37:23.986971 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
12:37:23.986980 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 59/59 
bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
12:37:23.987029 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:37:23.987033 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 59, non-file bytes: 59, eor buckets: 0, morphing buckets: 0
12:37:23.987037 [core:trace8] core_filters.c(554): flushing now
12:37:23.987060 [core:trace8] core_filters.c(569): total bytes written: 3181
12:37:23.987066 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:37:23.987081 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 
bytes from BIO#7fe690002b00 [mem: 7fe6900165a3] (BIO dump follows)
12:37:23.987097 [http2:debug] h2_session.c(1760): AH03401: 
h2_session(66,BUSY,1): conn error -> shutdown
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

12:37:23.987105 [http2:debug] h2_session.c(589): AH03068: 
h2_session(66,BUSY,1): sent FRAME[GOAWAY[error=0, reason='', 
last_stream=1]], frames=3/4 (r/s)
12:37:23.987122 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
12:37:23.987130 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 39/39 
bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
12:37:23.987172 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:37:23.987176 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 39, non-file bytes: 39, eor buckets: 0, morphing buckets: 0
12:37:23.987180 [core:trace8] core_filters.c(554): flushing now
12:37:23.987195 [core:trace8] core_filters.c(569): total bytes written: 3220
12:37:23.987200 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:37:23.987205 [http2:debug] h2_session.c(715): AH03069: 
h2_session(66,BUSY,1): sent GOAWAY, err=0, msg=
12:37:23.987212 [http2:debug] h2_session.c(1670): AH03078: 
h2_session(66,DONE,1): transit [BUSY] -- local goaway --> [DONE]
12:37:23.987219 [http2:debug] h2_conn.c(217): (70014)End of file found: 
AH03045: h2_session(66,DONE,1): process, closing conn
12:37:23.987228 [http2:debug] h2_session.c(1670): AH03078: 
h2_session(66,CLEANUP,1): transit [DONE] -- pre_close --> [CLEANUP]
12:37:23.992165 [optional_hook_import:error] AH01866: Optional hook test 
said: GET / HTTP/2.0
12:37:23.992176 [optional_fn_export:error] AH01871: Optional function 
test said: GET / HTTP/2.0
12:37:23.992337 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:37:23.992348 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:37:23.992353 [core:trace8] core_filters.c(554): flushing now
12:37:23.992357 [core:trace8] core_filters.c(569): total bytes written: 3220
12:37:23.992361 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:37:23.992387 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 24, non-file bytes: 24, eor buckets: 0, morphing buckets: 0
12:37:23.992395 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 24/24 
bytes to BIO#7fe690002a40 [mem: 7fe69000c433] (BIO dump follows)
12:37:23.992426 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:37:23.992430 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 24, non-file bytes: 24, eor buckets: 0, morphing buckets: 0
12:37:23.992434 [core:trace8] core_filters.c(554): flushing now
12:37:23.992470 [core:trace8] core_filters.c(569): total bytes written: 3244
12:37:23.992479 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:37:23.992485 [ssl:trace3] ssl_engine_kernel.c(2210): OpenSSL: Write: 
SSL negotiation finished successfully
12:37:23.992491 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:37:23.992495 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:37:23.992499 [core:trace8] core_filters.c(554): flushing now
12:37:23.992503 [core:trace8] core_filters.c(569): total bytes written: 3244
12:37:23.992506 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:37:23.992511 [ssl:debug] ssl_engine_io.c(1105): AH02001: Connection 
closed to child 66 with standard shutdown (server localhost:8557)
12:37:23.992616 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0


curl TLS 1.2 client output
==========================

*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8557 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=ASF; 
OU=httpd-test/rsa-test; CN=localhost; emailAddress=test-dev@httpd.apache.org
*  start date: Oct 13 08:40:49 2018 GMT
*  expire date: Oct 13 08:40:49 2019 GMT
*  issuer: C=US; ST=California; L=San Francisco; O=ASF; OU=httpd-test; 
CN=ca; emailAddress=test-dev@httpd.apache.org
*  SSL certificate verify result: self signed certificate in certificate 
chain (19), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after 
upgrade: len=0
* Using Stream ID: 1 (easy handle 0x1d5e5e0)
 > GET / HTTP/2
 > Host: localhost:8557
 > User-Agent: curl/7.61.1
 > Accept: */*
 >
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
* TLSv1.2 (IN), TLS alert, close notify (256):
* Empty reply from server
^^^^^^^^^^^^^^^^^^^^^^^^^
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server


curl TLS 1.2 server error log
=============================

12:43:43.580661 [ssl:info] AH01964: Connection to child 83 established 
(server localhost:8557)
12:43:43.580842 [ssl:trace6] ssl_engine_io.c(2077): Enabling 
non-blocking writes
12:43:43.580885 [ssl:trace3] ssl_engine_kernel.c(2191): OpenSSL: 
Handshake: start
12:43:43.580944 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
before SSL initialization
12:43:43.580971 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
bytes from BIO#7fe678002b00 [mem: 7fe6780083c3] (BIO dump follows)
12:43:43.581009 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 
512/512 bytes from BIO#7fe678002b00 [mem: 7fe6780083c8] (BIO dump follows)
12:43:43.581181 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
before SSL initialization
12:43:43.581289 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
virtual host for servername localhost found
12:43:43.581334 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
virtual host for servername localhost found
12:43:43.581343 [core:debug] protocol.c(2314): AH03155: select protocol 
from h2,http/1.1, choices=h2,http/1.1 for server localhost
12:43:43.581352 [core:debug] protocol.c(2359): AH03156: select protocol, 
proposals=h2,http/1.1 preferences=h2,http/1.1 configured=h2,http/1.1
12:43:43.581366 [core:debug] protocol.c(2377): AH03157: selected protocol=h2
12:43:43.581374 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS read client hello
12:43:43.581415 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write server hello
12:43:43.581877 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write certificate
12:43:43.584573 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write key exchange
12:43:43.584595 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 2398, non-file bytes: 2398, eor buckets: 0, morphing buckets: 0
12:43:43.584605 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 
2398/2398 bytes to BIO#7fe678002a40 [mem: 7fe678011670] (BIO dump follows)
12:43:43.585620 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:43:43.585624 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 2398, non-file bytes: 2398, eor buckets: 0, morphing buckets: 0
12:43:43.585634 [core:trace8] core_filters.c(554): flushing now
12:43:43.585682 [core:trace8] core_filters.c(569): total bytes written: 2398
12:43:43.585690 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:43:43.585696 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write server done
12:43:43.587042 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
bytes from BIO#7fe678002b00 [mem: 7fe6780127c3] (BIO dump follows)
12:43:43.587078 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 70/70 
bytes from BIO#7fe678002b00 [mem: 7fe6780127c8] (BIO dump follows)
12:43:43.587126 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write server done
12:43:43.587435 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
bytes from BIO#7fe678002b00 [mem: 7fe678012683] (BIO dump follows)
12:43:43.587470 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 1/1 
bytes from BIO#7fe678002b00 [mem: 7fe678012688] (BIO dump follows)
12:43:43.587489 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS read client key exchange
12:43:43.587541 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 5/5 
bytes from BIO#7fe678002b00 [mem: 7fe678012683] (BIO dump follows)
12:43:43.587561 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 40/40 
bytes from BIO#7fe678002b00 [mem: 7fe678012688] (BIO dump follows)
12:43:43.587595 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS read change cipher spec
12:43:43.587624 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS read finished
12:43:43.587648 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write change cipher spec
12:43:43.587686 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 51, non-file bytes: 51, eor buckets: 0, morphing buckets: 0
12:43:43.587694 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 51/51 
bytes to BIO#7fe678002a40 [mem: 7fe678011670] (BIO dump follows)
12:43:43.587737 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:43:43.587740 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 51, non-file bytes: 51, eor buckets: 0, morphing buckets: 0
12:43:43.587744 [core:trace8] core_filters.c(554): flushing now
12:43:43.587779 [core:trace8] core_filters.c(569): total bytes written: 2449
12:43:43.587787 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:43:43.587792 [ssl:trace3] ssl_engine_kernel.c(2200): OpenSSL: Loop: 
SSLv3/TLS write finished
12:43:43.587831 [ssl:trace3] ssl_engine_kernel.c(2195): OpenSSL: 
Handshake: done
12:43:43.587848 [ssl:debug] ssl_engine_kernel.c(2244): AH02041: 
Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
12:43:43.587888 [http2:debug] h2_session.c(924): AH03200: 
h2_session(83,INIT,0): created, max_streams=100, stream_mem=32768, 
workers_limit=6, workers_max=37, push_diary(type=1,N=256)
12:43:43.587902 [http2:debug] h2_session.c(1017): AH03201: 
h2_session(83,INIT,0): start, INITIAL_WINDOW_SIZE=65535, 
MAX_CONCURRENT_STREAMS=100
12:43:43.587912 [http2:debug] h2_session.c(2105): AH03079: 
h2_session(83,INIT,0): started on localhost:8557
12:43:43.587916 [http2:debug] h2_session.c(1670): AH03078: 
h2_session(83,BUSY,0): transit [INIT] -- init --> [BUSY]
12:43:43.587944 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5 
bytes from BIO#7fe678002b00 [mem: 7fe678014563] (BIO dump follows)
12:43:43.587972 [http2:debug] h2_session.c(1760): AH03401: 
h2_session(83,BUSY,0): conn error -> shutdown
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

12:43:43.587985 [http2:debug] h2_session.c(589): AH03068: 
h2_session(83,BUSY,0): sent FRAME[SETTINGS[length=6, stream=0]], 
frames=0/1 (r/s)
12:43:43.587992 [http2:debug] h2_session.c(589): AH03068: 
h2_session(83,BUSY,0): sent FRAME[WINDOW_UPDATE[stream=0, 
incr=2147418112]], frames=0/2 (r/s)
12:43:43.587998 [http2:debug] h2_session.c(589): AH03068: 
h2_session(83,BUSY,0): sent FRAME[GOAWAY[error=0, reason='', 
last_stream=0]], frames=0/3 (r/s)
12:43:43.588029 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 74, non-file bytes: 74, eor buckets: 0, morphing buckets: 0
12:43:43.588044 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 74/74 
bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
12:43:43.588090 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:43:43.588093 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 74, non-file bytes: 74, eor buckets: 0, morphing buckets: 0
12:43:43.588097 [core:trace8] core_filters.c(554): flushing now
12:43:43.588112 [core:trace8] core_filters.c(569): total bytes written: 2523
12:43:43.588117 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:43:43.588122 [http2:debug] h2_session.c(715): AH03069: 
h2_session(83,BUSY,0): sent GOAWAY, err=0, msg=
12:43:43.588128 [http2:debug] h2_session.c(1670): AH03078: 
h2_session(83,DONE,0): transit [BUSY] -- local goaway --> [DONE]
12:43:43.588136 [http2:debug] h2_conn.c(217): (70014)End of file found: 
AH03045: h2_session(83,DONE,0): process, closing conn
12:43:43.588147 [http2:debug] h2_session.c(1670): AH03078: 
h2_session(83,CLEANUP,0): transit [DONE] -- pre_close --> [CLEANUP]
12:43:43.588163 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:43:43.588168 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:43:43.588171 [core:trace8] core_filters.c(554): flushing now
12:43:43.588174 [core:trace8] core_filters.c(569): total bytes written: 2523
12:43:43.588177 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:43:43.588188 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 31, non-file bytes: 31, eor buckets: 0, morphing buckets: 0
12:43:43.588194 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 31/31 
bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
12:43:43.588219 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:43:43.588222 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 31, non-file bytes: 31, eor buckets: 0, morphing buckets: 0
12:43:43.588226 [core:trace8] core_filters.c(554): flushing now
12:43:43.588239 [core:trace8] core_filters.c(569): total bytes written: 2554
12:43:43.588244 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:43:43.588249 [ssl:trace3] ssl_engine_kernel.c(2210): OpenSSL: Write: 
SSL negotiation finished successfully
12:43:43.588253 [core:trace6] core_filters.c(525): will flush because of 
FLUSH bucket
12:43:43.588257 [core:trace8] core_filters.c(535): seen in brigade so 
far: bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:43:43.588260 [core:trace8] core_filters.c(554): flushing now
12:43:43.588263 [core:trace8] core_filters.c(569): total bytes written: 2554
12:43:43.588269 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0
12:43:43.588275 [ssl:debug] ssl_engine_io.c(1105): AH02001: Connection 
closed to child 83 with standard shutdown (server localhost:8557)
12:43:43.588295 [core:trace8] core_filters.c(580): brigade contains: 
bytes: 0, non-file bytes: 0, eor buckets: 0, morphing buckets: 0

Could it be that the ssl read directly above the detected conn error is 
the culprit? It reads 0 bytes. Maybe we are in h2_session.c in this block:

    case H2_SESSION_ST_BUSY:
        if (nghttp2_session_want_read(session->ngh2)) {
            ap_update_child_status(session->c->sbh, SERVER_BUSY_READ, NULL);
            h2_filter_cin_timeout_set(session->cin, session->s->timeout);
            status = h2_session_read(session, 0);
            if (status == APR_SUCCESS) {
                session->have_read = 1;
            }
            else if (status == APR_EAGAIN) {
                /* nothing to read */
            }
            else if (APR_STATUS_IS_TIMEUP(status)) {
                dispatch_event(session, H2_SESSION_EV_CONN_TIMEOUT, 0, NULL);
                break;
            }
            else {
                dispatch_event(session, H2_SESSION_EV_CONN_ERROR, 0, NULL);
            }
        }

and maybe h2_session_read() (using session_read()) returns an unexpected 
result code? Although I must confess, this is speculation and I don't 
really see where this could happen.

Regards,

Rainer
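
Added example (not part of the original message or of httpd): a small Python triage script for the trace excerpt above. It rejoins the mail-wrapped log lines, lists the h2_session state transitions, and pairs each "conn error" with the last OpenSSL read that preceded it. The function names are this example's own, and the embedded sample is copied from the log above.

```python
import re

# Excerpt of the trace log quoted above, with the mail client's line wrapping
# and the poster's "^^^^" marker line left in place.
SAMPLE = """\
12:43:43.587916 [http2:debug] h2_session.c(1670): AH03078:
h2_session(83,BUSY,0): transit [INIT] -- init --> [BUSY]
12:43:43.587944 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: read 0/5
bytes from BIO#7fe678002b00 [mem: 7fe678014563] (BIO dump follows)
12:43:43.587972 [http2:debug] h2_session.c(1760): AH03401:
h2_session(83,BUSY,0): conn error -> shutdown
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
12:43:43.588044 [ssl:trace4] ssl_engine_io.c(2213): OpenSSL: write 74/74
bytes to BIO#7fe678002a40 [mem: 7fe67800c4e3] (BIO dump follows)
12:43:43.588128 [http2:debug] h2_session.c(1670): AH03078:
h2_session(83,DONE,0): transit [BUSY] -- local goaway --> [DONE]
12:43:43.588136 [http2:debug] h2_conn.c(217): (70014)End of file found:
AH03045: h2_session(83,DONE,0): process, closing conn
12:43:43.588147 [http2:debug] h2_session.c(1670): AH03078:
h2_session(83,CLEANUP,0): transit [DONE] -- pre_close --> [CLEANUP]
"""

STAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{6} \[")
RECORD = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d{6}) \[(\w+):(\w+)\] ([\w.]+)\((\d+)\): (.*)$"
)
TRANSIT = re.compile(
    r"h2_session\((\d+),\w+,\d+\): transit \[(\w+)\] -- (.+?) --> \[(\w+)\]"
)
CONN_ERROR = re.compile(r"h2_session\((\d+),(\w+),\d+\): conn error")
SSL_READ = re.compile(r"OpenSSL: read (\d+)/(\d+) bytes from BIO")


def unwrap(text):
    """Rejoin wrapped lines: a record starts at a timestamp, the rest continue it."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"^"}:   # blank lines and annotation markers
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def load(text):
    """Parse each unwrapped record into a dict; unparseable records are dropped."""
    parsed = []
    for record in unwrap(text):
        m = RECORD.match(record)
        if m is None:
            continue
        h, mi, s, us, module, level, src, lineno, msg = m.groups()
        micros = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
        parsed.append({"us": micros, "module": module, "level": level,
                       "src": src, "line": int(lineno), "msg": msg})
    return parsed


def transitions(records):
    """(session id, from state, event, to state) for every 'transit' message."""
    return [m.groups() for m in (TRANSIT.search(r["msg"]) for r in records) if m]


def conn_error_context(records):
    """Pair every 'conn error' with the most recent OpenSSL read before it."""
    found, last_read = [], None
    for rec in records:
        m = SSL_READ.search(rec["msg"])
        if rec["module"] == "ssl" and m:
            last_read = (rec["us"], int(m.group(1)), int(m.group(2)))
            continue
        m = CONN_ERROR.search(rec["msg"])
        if m:
            entry = {"session": m.group(1), "state": m.group(2),
                     "src_line": rec["line"], "read": None, "gap_us": None}
            if last_read is not None:
                entry["read"] = last_read[1:]
                entry["gap_us"] = rec["us"] - last_read[0]
            found.append(entry)
    return found


if __name__ == "__main__":
    recs = load(SAMPLE)
    for t in transitions(recs):
        print("session %s: %s -- %s --> %s" % t)
    for e in conn_error_context(recs):
        print(e)
```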

Re: NOTICE: Intent to T&R 2.4.36

Posted by Stefan Eissing <st...@greenbytes.de>.
> On 10.10.2018 at 15:06, Joe Orton <jo...@redhat.com> wrote:
> 
> I believe that t/modules/http2.t is dying in this:
> 
>    my $old_ref = \&{ 'AnyEvent::TLS::_get_session' };
>    *{ 'AnyEvent::TLS::_get_session' } = sub($$;$$) {
> 
> piece of magic which I don't understand but possibly needs updating for 
> TLSv1.3? Session handling is different now... everything is broken.

I think there was no official way to add SNI to AnyEvent and I had to hack this. Unless anyone has another suggestion, I am in favour of removing the t/modules/http2.t again.

I have started to convert the existing h2 testsuite in https://svn.apache.org/repos/asf/httpd/test/mod_h2/trunk from shell scripts to pytest in the github repo. I have a pytest suite for mod_md also in its github.

My hope is to, one day, make those part of a httpd test suite, probably just by combining the separate standalone ones. Then we could have 'modules/ABC/test' as optional part of a module with a defined way to trigger them.

Since each pytest module starts httpd and stops it again, the config files can be very local to the tests being done. That makes them quite easy to understand and startup times very short.

As for the certificates on a test host, I'd like to use https://github.com/FiloSottile/mkcert. That runs on MacOS, Linux and Windows. Not sure about the other OS we run on. More and more clients refuse to drop certificate verification or at least generate verbose warnings, so mkcert seems a good way to go.

-Stefan

Re: NOTICE: Intent to T&R 2.4.36

Posted by Stefan Eissing <st...@greenbytes.de>.
Thanks, Joe. Tried to get it running on my Ubuntu 18.04 LTS image, but there I cannot even get the necessary Perl modules installed via CPAN.

I give up.

> On 10.10.2018 at 15:06, Joe Orton <jo...@redhat.com> wrote:
> 
> On Wed, Oct 10, 2018 at 02:52:13PM +0200, Stefan Eissing wrote:
>> I cannot get the test framework to properly initialise any longer (MacOS 10.14):
>> 
>>> t/TEST -clean
>>> t/TEST
>> [warning] setting ulimit to allow core files
>> ulimit -c unlimited; /usr/bin/perl /Users/sei/projects/httpd/test/framework/trunk/t/TEST
>> [warning] generating SSL CA for asf
>> [   info] openssl req -new -x509 -keyout keys/ca.pem -out certs/ca.crt -days 365 -config conf/ca.cnf
>> Generating a 2048 bit RSA private key
>> ..................+++
>> ..............................................................+++
>> writing new private key to 'keys/ca.pem'
>> -----
>> problems making Certificate Request
>> 4620047980:error:0DFFF07A:asn1 encoding routines:CRYPTO_internal:first num too large:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.200.4/libressl-2.6/crypto/asn1/a_object.c:112:
>> 4620047980:error:0BFFF077:x509 certificate routines:CRYPTO_internal:invalid field name:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.200.4/libressl-2.6/crypto/x509/x509name.c:303:name=Email
>> [  error] configure() has failed:
>> system req -new -x509 -keyout keys/ca.pem -out certs/ca.crt -days 365 -config conf/ca.cnf failed (exit status=1) at /Users/sei/projects/httpd/test/framework/trunk/Apache-Test/lib/Apache/TestSSLCA.pm line 216.
>> 
>> [warning] forcing Apache::TestConfig object save
>> [warning] run 't/TEST -clean' to clean up before continuing
>> 
>> Any tips?
> 
> Did you start from a fresh checkout?  I can't remember seeing that 
> particular error before but the whole thing is fragile as heck.
> 
> I believe that t/modules/http2.t is dying in this:
> 
>    my $old_ref = \&{ 'AnyEvent::TLS::_get_session' };
>    *{ 'AnyEvent::TLS::_get_session' } = sub($$;$$) {
> 
> piece of magic which I don't understand but possibly needs updating for 
> TLSv1.3? Session handling is different now... everything is broken.
> 
> The last output I get is:
> 
> ok 24
> test case: TC0001, expecting 200: GET https://localhost:8557/
> test case: VHOST000, expecting 200: GET https://localhost:8557/
> setting host_name to localhost:8557
> Failed 28/52 subtests 
> 
> so it looks like the perl script died completely somewhere around that 
> point.  My fedora 29 chroot has:
> 
> # rpm -q perl-AnyEvent openssl perl-interpreter
> perl-AnyEvent-7.14-7.fc29.x86_64
> openssl-1.1.1-3.fc29.x86_64
> perl-interpreter-5.28.0-423.fc29.x86_64
> 
> fwiw.


Re: NOTICE: Intent to T&R 2.4.36

Posted by Joe Orton <jo...@redhat.com>.
On Wed, Oct 10, 2018 at 02:52:13PM +0200, Stefan Eissing wrote:
> I cannot get the test framework to properly initialise any longer (MacOS 10.14):
> 
> > t/TEST -clean
> > t/TEST
> [warning] setting ulimit to allow core files
> ulimit -c unlimited; /usr/bin/perl /Users/sei/projects/httpd/test/framework/trunk/t/TEST
> [warning] generating SSL CA for asf
> [   info] openssl req -new -x509 -keyout keys/ca.pem -out certs/ca.crt -days 365 -config conf/ca.cnf
> Generating a 2048 bit RSA private key
> ..................+++
> ..............................................................+++
> writing new private key to 'keys/ca.pem'
> -----
> problems making Certificate Request
> 4620047980:error:0DFFF07A:asn1 encoding routines:CRYPTO_internal:first num too large:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.200.4/libressl-2.6/crypto/asn1/a_object.c:112:
> 4620047980:error:0BFFF077:x509 certificate routines:CRYPTO_internal:invalid field name:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.200.4/libressl-2.6/crypto/x509/x509name.c:303:name=Email
> [  error] configure() has failed:
> system req -new -x509 -keyout keys/ca.pem -out certs/ca.crt -days 365 -config conf/ca.cnf failed (exit status=1) at /Users/sei/projects/httpd/test/framework/trunk/Apache-Test/lib/Apache/TestSSLCA.pm line 216.
> 
> [warning] forcing Apache::TestConfig object save
> [warning] run 't/TEST -clean' to clean up before continuing
> 
> Any tips?

Did you start from a fresh checkout?  I can't remember seeing that 
particular error before but the whole thing is fragile as heck.

I believe that t/modules/http2.t is dying in this:

    my $old_ref = \&{ 'AnyEvent::TLS::_get_session' };
    *{ 'AnyEvent::TLS::_get_session' } = sub($$;$$) {

piece of magic which I don't understand but possibly needs updating for 
TLSv1.3? Session handling is different now... everything is broken.

The last output I get is:

ok 24
test case: TC0001, expecting 200: GET https://localhost:8557/
test case: VHOST000, expecting 200: GET https://localhost:8557/
setting host_name to localhost:8557
Failed 28/52 subtests 

so it looks like the perl script died completely somewhere around that 
point.  My fedora 29 chroot has:

# rpm -q perl-AnyEvent openssl perl-interpreter
perl-AnyEvent-7.14-7.fc29.x86_64
openssl-1.1.1-3.fc29.x86_64
perl-interpreter-5.28.0-423.fc29.x86_64

fwiw.

Re: NOTICE: Intent to T&R 2.4.36

Posted by Stefan Eissing <st...@greenbytes.de>.
I cannot get the test framework to properly initialise any longer (MacOS 10.14):

> t/TEST -clean
> t/TEST
[warning] setting ulimit to allow core files
ulimit -c unlimited; /usr/bin/perl /Users/sei/projects/httpd/test/framework/trunk/t/TEST
[warning] generating SSL CA for asf
[   info] openssl req -new -x509 -keyout keys/ca.pem -out certs/ca.crt -days 365 -config conf/ca.cnf
Generating a 2048 bit RSA private key
..................+++
..............................................................+++
writing new private key to 'keys/ca.pem'
-----
problems making Certificate Request
4620047980:error:0DFFF07A:asn1 encoding routines:CRYPTO_internal:first num too large:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.200.4/libressl-2.6/crypto/asn1/a_object.c:112:
4620047980:error:0BFFF077:x509 certificate routines:CRYPTO_internal:invalid field name:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.200.4/libressl-2.6/crypto/x509/x509name.c:303:name=Email
[  error] configure() has failed:
system req -new -x509 -keyout keys/ca.pem -out certs/ca.crt -days 365 -config conf/ca.cnf failed (exit status=1) at /Users/sei/projects/httpd/test/framework/trunk/Apache-Test/lib/Apache/TestSSLCA.pm line 216.

[warning] forcing Apache::TestConfig object save
[warning] run 't/TEST -clean' to clean up before continuing

Any tips?

> On 10.10.2018 at 14:30, Joe Orton <jo...@redhat.com> wrote:
> 
> On Tue, Oct 09, 2018 at 03:29:49PM -0500, Daniel Ruggeri wrote:
>> Hi, all;
>>   I ran through my usual testing routine, this time with OpenSSL 1.1.1, but
>> found several test failures. In the past, these issues have been isolated to
>> my environment so I just wanted to drop a line to see if anyone has run the
>> test suite against 2.4.x lately and can corroborate this result? If not, I
>> can debug my environment.
> 
> TLSv1.3 testing is still a mess with OpenSSL 1.1.1, sorry.  I have 
> updated the test suite just now to disable TLSv1.3 testing for most 
> people.  We need updates to Net::SSLeay (the latest upstream has the 
> patch) and IO::Socket::SSL, but the latter is not patched upstream, so I 
> can't make an accurate test for that yet.
> 
> At worst, forcibly testing with:
> 
>  ./t/TEST -sslproto 'all -TLSv1.2'
> 
> should now be possible.
> 
> (If using an existing check-out of the test suite don't forget to re-run 
> "make" before running ./t/TEST -conf to regenerate the config...)
> 
> Let me know if that's not made any difference for you.
> 
> I don't know why t/modules/http2.t is failing but I see that here too.
> 
> Regards, Joe
> 
> 
>> 
>> Test Summary Report
>> -------------------
>> t/modules/http2.t                 (Wstat: 0 Tests: 24 Failed: 0)
>>  Parse errors: Bad plan.  You planned 52 tests but ran 24.
>> t/security/CVE-2009-3555.t        (Wstat: 0 Tests: 4 Failed: 2)
>>  Failed tests:  3-4
>> t/ssl/basicauth.t                 (Wstat: 0 Tests: 4 Failed: 2)
>>  Failed tests:  2-3
>> t/ssl/env.t                       (Wstat: 0 Tests: 30 Failed: 15)
>>  Failed tests:  16-30
>> t/ssl/extlookup.t                 (Wstat: 0 Tests: 4 Failed: 4)
>>  Failed tests:  1-4
>> t/ssl/fakeauth.t                  (Wstat: 0 Tests: 3 Failed: 2)
>>  Failed tests:  2-3
>> t/ssl/ocsp.t                      (Wstat: 0 Tests: 3 Failed: 1)
>>  Failed test:  3
>> t/ssl/require.t                   (Wstat: 0 Tests: 10 Failed: 3)
>>  Failed tests:  2, 5, 9
>> t/ssl/varlookup.t                 (Wstat: 0 Tests: 83 Failed: 83)
>>  Failed tests:  1-83
>> t/ssl/verify.t                    (Wstat: 0 Tests: 3 Failed: 1)
>>  Failed test:  2
>> Files=186, Tests=8857, 101 wallclock secs ( 1.86 usr  0.28 sys + 48.46 cusr
>> 11.08 csys = 61.68 CPU)
>> 
>> 
>> Versions at play were:
>> system:
>>  kernel:
>>    name: Linux
>>    release: 3.16.0-4-amd64
>>    version: #1 SMP Debian 3.16.51-3 (2017-12-13)
>>    machine: x86_64
>> 
>>  libraries:
>>    openssl: "1.1.1"
>>    openldap: "2.4.46"
>>    apr: "1.6.5"
>>    apr-util: "1.6.1"
>>    iconv: "1.2.2"
>>    brotli: "1.0.6"
>>    nghttp2: "1.34.0"
>>    zlib: "1.2.11"
>>    pcre: "8.42"
>>    libxml2: "2.9.8"
>>    php: "5.6.38"
>>    lua: "5.3.5"
>>    curl: "7.61.1"
>> 
>> 
>> Anything look obviously crazy/wrong?
>> 
>> -- 
>> Daniel Ruggeri
>> 
>> On 2018-10-09 06:36, Daniel Ruggeri wrote:
>>> Hi, all;
>>> Barring any major disagreement in the next several hours, I intend to
>>> T&R our next version later today or early tomorrow.
>>> 
>>> Hooray for TLS 1.3!
>>> --
>>> Daniel Ruggeri


Re: NOTICE: Intent to T&R 2.4.36

Posted by Joe Orton <jo...@redhat.com>.
On Tue, Oct 09, 2018 at 03:29:49PM -0500, Daniel Ruggeri wrote:
> Hi, all;
>    I ran through my usual testing routine, this time with OpenSSL 1.1.1, but
> found several test failures. In the past, these issues have been isolated to
> my environment so I just wanted to drop a line to see if anyone has run the
> test suite against 2.4.x lately and can corroborate this result? If not, I
> can debug my environment.

TLSv1.3 testing is still a mess with OpenSSL 1.1.1, sorry.  I have 
updated the test suite just now to disable TLSv1.3 testing for most 
people.  We need updates to Net::SSLeay (the latest upstream has the 
patch) and IO::Socket::SSL, but the latter is not patched upstream, so I 
can't make an accurate test for that yet.

At worst, forcibly testing with:

  ./t/TEST -sslproto 'all -TLSv1.2'

should now be possible.

(If using an existing check-out of the test suite don't forget to re-run 
"make" before running ./t/TEST -conf to regenerate the config...)

Let me know if that's not made any difference for you.

I don't know why t/modules/http2.t is failing but I see that here too.

Regards, Joe


> 
> Test Summary Report
> -------------------
> t/modules/http2.t                 (Wstat: 0 Tests: 24 Failed: 0)
>   Parse errors: Bad plan.  You planned 52 tests but ran 24.
> t/security/CVE-2009-3555.t        (Wstat: 0 Tests: 4 Failed: 2)
>   Failed tests:  3-4
> t/ssl/basicauth.t                 (Wstat: 0 Tests: 4 Failed: 2)
>   Failed tests:  2-3
> t/ssl/env.t                       (Wstat: 0 Tests: 30 Failed: 15)
>   Failed tests:  16-30
> t/ssl/extlookup.t                 (Wstat: 0 Tests: 4 Failed: 4)
>   Failed tests:  1-4
> t/ssl/fakeauth.t                  (Wstat: 0 Tests: 3 Failed: 2)
>   Failed tests:  2-3
> t/ssl/ocsp.t                      (Wstat: 0 Tests: 3 Failed: 1)
>   Failed test:  3
> t/ssl/require.t                   (Wstat: 0 Tests: 10 Failed: 3)
>   Failed tests:  2, 5, 9
> t/ssl/varlookup.t                 (Wstat: 0 Tests: 83 Failed: 83)
>   Failed tests:  1-83
> t/ssl/verify.t                    (Wstat: 0 Tests: 3 Failed: 1)
>   Failed test:  2
> Files=186, Tests=8857, 101 wallclock secs ( 1.86 usr  0.28 sys + 48.46 cusr
> 11.08 csys = 61.68 CPU)
> 
> 
> Versions at play were:
> system:
>   kernel:
>     name: Linux
>     release: 3.16.0-4-amd64
>     version: #1 SMP Debian 3.16.51-3 (2017-12-13)
>     machine: x86_64
> 
>   libraries:
>     openssl: "1.1.1"
>     openldap: "2.4.46"
>     apr: "1.6.5"
>     apr-util: "1.6.1"
>     iconv: "1.2.2"
>     brotli: "1.0.6"
>     nghttp2: "1.34.0"
>     zlib: "1.2.11"
>     pcre: "8.42"
>     libxml2: "2.9.8"
>     php: "5.6.38"
>     lua: "5.3.5"
>     curl: "7.61.1"
> 
> 
> Anything look obviously crazy/wrong?
> 
> -- 
> Daniel Ruggeri
> 
> On 2018-10-09 06:36, Daniel Ruggeri wrote:
> > Hi, all;
> >  Barring any major disagreement in the next several hours, I intend to
> > T&R our next version later today or early tomorrow.
> > 
> > Hooray for TLS 1.3!
> > --
> > Daniel Ruggeri

Re: NOTICE: Intent to T&R 2.4.36

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
You might want to review the thread following up svn commit: r1840585
back from Sept 12th w.r.t. some of these.

On Tue, Oct 9, 2018 at 3:29 PM Daniel Ruggeri <dr...@primary.net> wrote:

> Hi, all;
>     I ran through my usual testing routine, this time with OpenSSL 1.1.1,
> but found several test failures. In the past, these issues have been
> isolated to my environment so I just wanted to drop a line to see if
> anyone has run the test suite against 2.4.x lately and can corroborate
> this result? If not, I can debug my environment.
>
> Test Summary Report
> -------------------
> t/modules/http2.t                 (Wstat: 0 Tests: 24 Failed: 0)
>    Parse errors: Bad plan.  You planned 52 tests but ran 24.
> t/security/CVE-2009-3555.t        (Wstat: 0 Tests: 4 Failed: 2)
>    Failed tests:  3-4
> t/ssl/basicauth.t                 (Wstat: 0 Tests: 4 Failed: 2)
>    Failed tests:  2-3
> t/ssl/env.t                       (Wstat: 0 Tests: 30 Failed: 15)
>    Failed tests:  16-30
> t/ssl/extlookup.t                 (Wstat: 0 Tests: 4 Failed: 4)
>    Failed tests:  1-4
> t/ssl/fakeauth.t                  (Wstat: 0 Tests: 3 Failed: 2)
>    Failed tests:  2-3
> t/ssl/ocsp.t                      (Wstat: 0 Tests: 3 Failed: 1)
>    Failed test:  3
> t/ssl/require.t                   (Wstat: 0 Tests: 10 Failed: 3)
>    Failed tests:  2, 5, 9
> t/ssl/varlookup.t                 (Wstat: 0 Tests: 83 Failed: 83)
>    Failed tests:  1-83
> t/ssl/verify.t                    (Wstat: 0 Tests: 3 Failed: 1)
>    Failed test:  2
> Files=186, Tests=8857, 101 wallclock secs ( 1.86 usr  0.28 sys + 48.46
> cusr 11.08 csys = 61.68 CPU)
>
>
> Versions at play were:
> system:
>    kernel:
>      name: Linux
>      release: 3.16.0-4-amd64
>      version: #1 SMP Debian 3.16.51-3 (2017-12-13)
>      machine: x86_64
>
>    libraries:
>      openssl: "1.1.1"
>      openldap: "2.4.46"
>      apr: "1.6.5"
>      apr-util: "1.6.1"
>      iconv: "1.2.2"
>      brotli: "1.0.6"
>      nghttp2: "1.34.0"
>      zlib: "1.2.11"
>      pcre: "8.42"
>      libxml2: "2.9.8"
>      php: "5.6.38"
>      lua: "5.3.5"
>      curl: "7.61.1"
>
>
> Anything look obviously crazy/wrong?
>
> --
> Daniel Ruggeri
>
> On 2018-10-09 06:36, Daniel Ruggeri wrote:
> > Hi, all;
> >  Barring any major disagreement in the next several hours, I intend to
> > T&R our next version later today or early tomorrow.
> >
> > Hooray for TLS 1.3!
> > --
> > Daniel Ruggeri
>

Re: NOTICE: Intent to T&R 2.4.36

Posted by Stefan Eissing <st...@greenbytes.de>.
Just in case of tl;dr:

The fix is proposed for backport, 1 vote is missing, would be nice to have in 2.4.36

Thanks, Stefan

> On 10.10.2018 at 10:47, Stefan Eissing <st...@greenbytes.de> wrote:
> 
> I have a report of h2 missing an EOS flag on certain conditions related to php served resources. Trying to reproduce. First such report came before 2.4.35. I'd say, if I cannot progress on this today, then please go ahead and tag. Will report later.
> 
> -Stefan
> 
>> On 09.10.2018 at 22:29, Daniel Ruggeri <dr...@primary.net> wrote:
>> 
>> Hi, all;
>>  I ran through my usual testing routine, this time with OpenSSL 1.1.1, but found several test failures. In the past, these issues have been isolated to my environment so I just wanted to drop a line to see if anyone has run the test suite against 2.4.x lately and can corroborate this result? If not, I can debug my environment.
>> 
>> Test Summary Report
>> -------------------
>> t/modules/http2.t                 (Wstat: 0 Tests: 24 Failed: 0)
>> Parse errors: Bad plan.  You planned 52 tests but ran 24.
>> t/security/CVE-2009-3555.t        (Wstat: 0 Tests: 4 Failed: 2)
>> Failed tests:  3-4
>> t/ssl/basicauth.t                 (Wstat: 0 Tests: 4 Failed: 2)
>> Failed tests:  2-3
>> t/ssl/env.t                       (Wstat: 0 Tests: 30 Failed: 15)
>> Failed tests:  16-30
>> t/ssl/extlookup.t                 (Wstat: 0 Tests: 4 Failed: 4)
>> Failed tests:  1-4
>> t/ssl/fakeauth.t                  (Wstat: 0 Tests: 3 Failed: 2)
>> Failed tests:  2-3
>> t/ssl/ocsp.t                      (Wstat: 0 Tests: 3 Failed: 1)
>> Failed test:  3
>> t/ssl/require.t                   (Wstat: 0 Tests: 10 Failed: 3)
>> Failed tests:  2, 5, 9
>> t/ssl/varlookup.t                 (Wstat: 0 Tests: 83 Failed: 83)
>> Failed tests:  1-83
>> t/ssl/verify.t                    (Wstat: 0 Tests: 3 Failed: 1)
>> Failed test:  2
>> Files=186, Tests=8857, 101 wallclock secs ( 1.86 usr  0.28 sys + 48.46 cusr 11.08 csys = 61.68 CPU)
>> 
>> 
>> Versions at play were:
>> system:
>> kernel:
>>   name: Linux
>>   release: 3.16.0-4-amd64
>>   version: #1 SMP Debian 3.16.51-3 (2017-12-13)
>>   machine: x86_64
>> 
>> libraries:
>>   openssl: "1.1.1"
>>   openldap: "2.4.46"
>>   apr: "1.6.5"
>>   apr-util: "1.6.1"
>>   iconv: "1.2.2"
>>   brotli: "1.0.6"
>>   nghttp2: "1.34.0"
>>   zlib: "1.2.11"
>>   pcre: "8.42"
>>   libxml2: "2.9.8"
>>   php: "5.6.38"
>>   lua: "5.3.5"
>>   curl: "7.61.1"
>> 
>> 
>> Anything look obviously crazy/wrong?
>> 
>> -- 
>> Daniel Ruggeri
>> 
>> On 2018-10-09 06:36, Daniel Ruggeri wrote:
>>> Hi, all;
>>> Barring any major disagreement in the next several hours, I intend to
>>> T&R our next version later today or early tomorrow.
>>> Hooray for TLS 1.3!
>>> --
>>> Daniel Ruggeri
> 


Re: NOTICE: Intent to T&R 2.4.36

Posted by Stefan Eissing <st...@greenbytes.de>.
I have a report of h2 missing an EOS flag on certain conditions related to php served resources. Trying to reproduce. First such report came before 2.4.35. I'd say, if I cannot progress on this today, then please go ahead and tag. Will report later.

-Stefan

> On 09.10.2018 at 22:29, Daniel Ruggeri <dr...@primary.net> wrote:
> 
> Hi, all;
>   I ran through my usual testing routine, this time with OpenSSL 1.1.1, but found several test failures. In the past, these issues have been isolated to my environment so I just wanted to drop a line to see if anyone has run the test suite against 2.4.x lately and can corroborate this result? If not, I can debug my environment.
> 
> Test Summary Report
> -------------------
> t/modules/http2.t                 (Wstat: 0 Tests: 24 Failed: 0)
>  Parse errors: Bad plan.  You planned 52 tests but ran 24.
> t/security/CVE-2009-3555.t        (Wstat: 0 Tests: 4 Failed: 2)
>  Failed tests:  3-4
> t/ssl/basicauth.t                 (Wstat: 0 Tests: 4 Failed: 2)
>  Failed tests:  2-3
> t/ssl/env.t                       (Wstat: 0 Tests: 30 Failed: 15)
>  Failed tests:  16-30
> t/ssl/extlookup.t                 (Wstat: 0 Tests: 4 Failed: 4)
>  Failed tests:  1-4
> t/ssl/fakeauth.t                  (Wstat: 0 Tests: 3 Failed: 2)
>  Failed tests:  2-3
> t/ssl/ocsp.t                      (Wstat: 0 Tests: 3 Failed: 1)
>  Failed test:  3
> t/ssl/require.t                   (Wstat: 0 Tests: 10 Failed: 3)
>  Failed tests:  2, 5, 9
> t/ssl/varlookup.t                 (Wstat: 0 Tests: 83 Failed: 83)
>  Failed tests:  1-83
> t/ssl/verify.t                    (Wstat: 0 Tests: 3 Failed: 1)
>  Failed test:  2
> Files=186, Tests=8857, 101 wallclock secs ( 1.86 usr  0.28 sys + 48.46 cusr 11.08 csys = 61.68 CPU)
> 
> 
> Versions at play were:
> system:
>  kernel:
>    name: Linux
>    release: 3.16.0-4-amd64
>    version: #1 SMP Debian 3.16.51-3 (2017-12-13)
>    machine: x86_64
> 
>  libraries:
>    openssl: "1.1.1"
>    openldap: "2.4.46"
>    apr: "1.6.5"
>    apr-util: "1.6.1"
>    iconv: "1.2.2"
>    brotli: "1.0.6"
>    nghttp2: "1.34.0"
>    zlib: "1.2.11"
>    pcre: "8.42"
>    libxml2: "2.9.8"
>    php: "5.6.38"
>    lua: "5.3.5"
>    curl: "7.61.1"
> 
> 
> Anything look obviously crazy/wrong?
> 
> -- 
> Daniel Ruggeri
> 
> On 2018-10-09 06:36, Daniel Ruggeri wrote:
>> Hi, all;
>> Barring any major disagreement in the next several hours, I intend to
>> T&R our next version later today or early tomorrow.
>> Hooray for TLS 1.3!
>> --
>> Daniel Ruggeri


Re: NOTICE: Intent to T&R 2.4.36

Posted by Daniel Ruggeri <dr...@primary.net>.
Hi, all;
    I ran through my usual testing routine, this time with OpenSSL 1.1.1, 
but found several test failures. In the past, these issues have been 
isolated to my environment so I just wanted to drop a line to see if 
anyone has run the test suite against 2.4.x lately and can corroborate 
this result? If not, I can debug my environment.

Test Summary Report
-------------------
t/modules/http2.t                 (Wstat: 0 Tests: 24 Failed: 0)
   Parse errors: Bad plan.  You planned 52 tests but ran 24.
t/security/CVE-2009-3555.t        (Wstat: 0 Tests: 4 Failed: 2)
   Failed tests:  3-4
t/ssl/basicauth.t                 (Wstat: 0 Tests: 4 Failed: 2)
   Failed tests:  2-3
t/ssl/env.t                       (Wstat: 0 Tests: 30 Failed: 15)
   Failed tests:  16-30
t/ssl/extlookup.t                 (Wstat: 0 Tests: 4 Failed: 4)
   Failed tests:  1-4
t/ssl/fakeauth.t                  (Wstat: 0 Tests: 3 Failed: 2)
   Failed tests:  2-3
t/ssl/ocsp.t                      (Wstat: 0 Tests: 3 Failed: 1)
   Failed test:  3
t/ssl/require.t                   (Wstat: 0 Tests: 10 Failed: 3)
   Failed tests:  2, 5, 9
t/ssl/varlookup.t                 (Wstat: 0 Tests: 83 Failed: 83)
   Failed tests:  1-83
t/ssl/verify.t                    (Wstat: 0 Tests: 3 Failed: 1)
   Failed test:  2
Files=186, Tests=8857, 101 wallclock secs ( 1.86 usr  0.28 sys + 48.46 
cusr 11.08 csys = 61.68 CPU)


Versions at play were:
system:
   kernel:
     name: Linux
     release: 3.16.0-4-amd64
     version: #1 SMP Debian 3.16.51-3 (2017-12-13)
     machine: x86_64

   libraries:
     openssl: "1.1.1"
     openldap: "2.4.46"
     apr: "1.6.5"
     apr-util: "1.6.1"
     iconv: "1.2.2"
     brotli: "1.0.6"
     nghttp2: "1.34.0"
     zlib: "1.2.11"
     pcre: "8.42"
     libxml2: "2.9.8"
     php: "5.6.38"
     lua: "5.3.5"
     curl: "7.61.1"


Anything look obviously crazy/wrong?

-- 
Daniel Ruggeri

On 2018-10-09 06:36, Daniel Ruggeri wrote:
> Hi, all;
>  Barring any major disagreement in the next several hours, I intend to
> T&R our next version later today or early tomorrow.
> 
> Hooray for TLS 1.3!
> --
> Daniel Ruggeri
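
Added example, not part of the original message or of the httpd test framework: a Python parser for the Test Summary Report above that separates scripts whose run aborted ("Bad plan", as with t/modules/http2.t) from scripts with failed assertions, and checks each "Failed:" count against its listed test numbers. Function names are this example's own; the embedded summary is copied from the report above.

```python
import re

# Copy of the harness summary from the message above; the wrapped "Files="
# line is kept to show that non-script lines are ignored.
SUMMARY = """\
Test Summary Report
-------------------
t/modules/http2.t                 (Wstat: 0 Tests: 24 Failed: 0)
   Parse errors: Bad plan.  You planned 52 tests but ran 24.
t/security/CVE-2009-3555.t        (Wstat: 0 Tests: 4 Failed: 2)
   Failed tests:  3-4
t/ssl/basicauth.t                 (Wstat: 0 Tests: 4 Failed: 2)
   Failed tests:  2-3
t/ssl/env.t                       (Wstat: 0 Tests: 30 Failed: 15)
   Failed tests:  16-30
t/ssl/extlookup.t                 (Wstat: 0 Tests: 4 Failed: 4)
   Failed tests:  1-4
t/ssl/fakeauth.t                  (Wstat: 0 Tests: 3 Failed: 2)
   Failed tests:  2-3
t/ssl/ocsp.t                      (Wstat: 0 Tests: 3 Failed: 1)
   Failed test:  3
t/ssl/require.t                   (Wstat: 0 Tests: 10 Failed: 3)
   Failed tests:  2, 5, 9
t/ssl/varlookup.t                 (Wstat: 0 Tests: 83 Failed: 83)
   Failed tests:  1-83
t/ssl/verify.t                    (Wstat: 0 Tests: 3 Failed: 1)
   Failed test:  2
Files=186, Tests=8857, 101 wallclock secs ( 1.86 usr  0.28 sys + 48.46
cusr 11.08 csys = 61.68 CPU)
"""

HEADER = re.compile(r"^(\S+\.t)\s+\(Wstat: (\d+) Tests: (\d+) Failed: (\d+)\)$")
FAILED = re.compile(r"^Failed tests?:\s+(.+)$")
BAD_PLAN = re.compile(
    r"^Parse errors: Bad plan\.\s+You planned (\d+) tests but ran (\d+)\.$"
)


def expand(spec):
    """Turn '2, 5, 9' or '16-30' into an explicit list of test numbers."""
    numbers = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        numbers.extend(range(int(lo), int(hi or lo) + 1))
    return numbers


def parse_summary(text):
    """One dict per test script; detail lines attach to the preceding script."""
    scripts = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()      # also accepts reply-quoted copies
        m = HEADER.match(line)
        if m:
            scripts.append({"script": m.group(1), "wstat": int(m.group(2)),
                            "ran": int(m.group(3)), "failed": int(m.group(4)),
                            "failed_tests": [], "planned": None})
            continue
        if not scripts:
            continue
        m = FAILED.match(line)
        if m:
            scripts[-1]["failed_tests"] = expand(m.group(1))
            continue
        m = BAD_PLAN.match(line)
        if m:
            scripts[-1]["planned"] = int(m.group(1))
    return scripts


def triage(scripts):
    """Split aborted scripts from failed assertions and total failures per directory."""
    aborted = [s["script"] for s in scripts
               if s["planned"] is not None and s["planned"] != s["ran"]]
    failing = {s["script"]: len(s["failed_tests"])
               for s in scripts if s["failed_tests"]}
    # A mismatch here means the summary was truncated or mangled in transit.
    inconsistent = [s["script"] for s in scripts
                    if len(s["failed_tests"]) != s["failed"]]
    by_dir = {}
    for script, count in failing.items():
        directory = script.rsplit("/", 1)[0]
        by_dir[directory] = by_dir.get(directory, 0) + count
    return {"aborted": aborted, "failing": failing,
            "inconsistent": inconsistent, "failed_by_dir": by_dir}


if __name__ == "__main__":
    for key, value in triage(parse_summary(SUMMARY)).items():
        print(key, value)
```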