You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "Mathihalli, Madhusudan" <ma...@hp.com> on 2004/02/04 22:39:13 UTC

mod_ssl not sending Alert upon close ?

Hi,
	I was playing with ssldump for the data transferred b/w browser and Apache (2.0.48) - and realized that the Apache2 (+ mod_ssl) does not send the Alert message to the client before closing the connection.

-Madhu

Here's the error_log output from Apache 1.3 (+ mod_ssl)

[04/Feb/2004 12:06:12 06779] [trace] Inter-Process Session Cache: request=SET st
tus=OK id=00DC164670004D3A4F68FE3E10C549F980304971125755C9A5E91DA8A363CD77 time
out=300s (session caching)
[04/Feb/2004 12:06:12 06779] [trace] OpenSSL: Handshake: done
[04/Feb/2004 12:06:12 06779] [info]  Connection: Client IP: 15.0.70.188, Protoco
l: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[04/Feb/2004 12:06:13 06779] [debug] OpenSSL: read 0/18437 bytes from BIO#4008FF
60 [mem: 400EA6F8] (BIO dump follows)
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
[04/Feb/2004 12:06:13 06779] [debug] OpenSSL: write 23/23 bytes to BIO#4008FF60
[mem: 400F2F10] (BIO dump follows)
+-------------------------------------------------------------------------+
| 0000: 15 03 00 00 12 ff 44 58-11 7e f9 b8 91 aa 42 29  ......DX.~....B) |
| 0010: ec 0d 56 22 06 8c 4a                             ..V"..J          |
+-------------------------------------------------------------------------+
[04/Feb/2004 12:06:13 06779] [trace] OpenSSL: Write: SSL negotiation finished su
ccessfully
[04/Feb/2004 12:06:13 06779] [info]  Connection to child 0 closed with standard
shutdown (server lugia:5443, client 15.0.70.188)


****************************************************
Output from Apache 2.0 (+ mod_ssl)

[Wed Feb 04 12:02:08 2004] [debug] ssl_engine_kernel.c(1682): Inter-Process Sess
ion Cache: request=SET status=OK id=9938509B272D9C7231FE69A4BEAD969A0E265BABA44C
3738444C80BDC3440F7A timeout=300s (session caching)
[Wed Feb 04 12:02:08 2004] [debug] ssl_engine_kernel.c(1840): OpenSSL: Handshake
: done
[Wed Feb 04 12:02:08 2004] [info] Connection: Client IP: 15.0.70.188, Protocol:
SSLv3, Cipher: RC4-MD5 (128/128 bits)
[Wed Feb 04 12:02:08 2004] [debug] ssl_engine_io.c(1510): OpenSSL: I/O error, 5
bytes expected to read on BIO#40251bb0 [mem: 402696b0]
[Wed Feb 04 12:02:08 2004] [info] (70014)End of file found: SSL input filter rea
d failed.
[Wed Feb 04 12:02:08 2004] [debug] ssl_engine_kernel.c(1854): OpenSSL: Write: SS
L negotiation finished successfully
[Wed Feb 04 12:02:08 2004] [info] Connection to child 0 closed with standard shu
tdown(server lugia.cup.hp.com:443, client 15.0.70.188)

Re: mod_ssl not sending Alert upon close ?

Posted by Geoff Thorpe <ge...@geoffthorpe.net>.

On February 4, 2004 04:39 pm, Mathihalli, Madhusudan wrote:
> Hi,
> 	I was playing with ssldump for the data transferred b/w browser and
> Apache (2.0.48) - and realized that the Apache2 (+ mod_ssl) does not
> send the Alert message to the client before closing the connection.

Funnily enough, I was just stewing on a similar problem with openssl's 
builtin "s_server" application - in that case, the braindamage is in 
s_server.c's use of "SSL_CTX_set_quiet_shutdown(ctx,1)". Perhaps apache2 
is doing the same thing?

Cheers,
Geoff

-- 
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/