You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2010/11/24 23:27:18 UTC
DO NOT REPLY [Bug 50332] New: mod_proxy_http is not aware of SSL
handshake failures
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Summary: mod_proxy_http is not aware of SSL handshake failures
Product: Apache httpd-2
Version: 2.2.17
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_proxy_http
AssignedTo: bugs@httpd.apache.org
ReportedBy: DRuggeri@primary.net
Created an attachment (id=26337)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26337)
mod_ssl -> mod_proxy note via conn_rec
In the event an SSL handshake from the httpd proxy to a backend fails,
mod_proxy is not aware until it attempts to pass the request.
To duplicate, simply stand up an openssl s_server like so:
/usr/local/openssl/bin/openssl s_server -cert /root/certs/ssl.crt -key
/root/certs/ssl.key -www -accept 8001 -Verify 1
/usr/local/openssl/bin/openssl s_server -cert /root/certs/ssl.crt -key
/root/certs/ssl.key -www -accept 8002
And set up a balancer like so:
<Proxy balancer://mycluster>
BalancerMember https://127.0.0.1:8001
BalancerMember https://127.0.0.1:8002
</Proxy>
ProxyPass /test/ balancer://mycluster/
You will find that all requests to /test will attempt to connect, but fail on
the first member. Worse yet, since no request ever gets through, the balancer
never considers the next member for usage.
The attached patch utilizes a note on the conn_rec for mod_proxy_httpd to
recognize that a failure has occurred. If a failure has been found, it's too
late for that request, but the worker used is put in error state.
I am investigating as to whether or not this is needed for 2.3.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Daniel Ruggeri <DR...@primary.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #26338|0 |1
is obsolete| |
--- Comment #4 from Daniel Ruggeri <DR...@primary.net> 2010-11-25 09:55:35 EST ---
Created an attachment (id=26341)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26341)
Added mod_proxy_http SSL error message
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Daniel Ruggeri <DR...@primary.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #26345|0 |1
is obsolete| |
--- Comment #11 from Daniel Ruggeri <DR...@primary.net> 2010-12-04 10:49:28 EST ---
Created an attachment (id=26374)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26374)
2.2.x patch - using HTTP_INTERNAL_SERVER_ERROR
Removed STATUS proposal from this patch - submitting to DEV list separately.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Daniel Ruggeri <DR...@primary.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #26338|application/octet-stream |text/plain
mime type| |
Attachment #26338|0 |1
is patch| |
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
--- Comment #2 from Daniel Ruggeri <DR...@primary.net> 2010-11-24 23:33:58 EST ---
Created an attachment (id=26339)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26339)
Final trunk patch
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Daniel Ruggeri <DR...@primary.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #26344|0 |1
is obsolete| |
--- Comment #9 from Daniel Ruggeri <DR...@primary.net> 2010-11-25 11:00:10 EST ---
Created an attachment (id=26346)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26346)
trunk patch - using HTTP_INTERNAL_SERVER_ERROR
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Daniel Ruggeri <DR...@primary.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #26337|0 |1
is obsolete| |
--- Comment #1 from Daniel Ruggeri <DR...@primary.net> 2010-11-24 23:33:37 EST ---
Created an attachment (id=26338)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26338)
Final
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Ruediger Pluem <rp...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #26450|Updated patch based on |Updated patch for 2.2.x
description|r1039304 and r1053584. |based on r1039304 and
| |r1053584.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Daniel Ruggeri <DR...@primary.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #26341|0 |1
is obsolete| |
--- Comment #5 from Daniel Ruggeri <DR...@primary.net> 2010-11-25 09:56:18 EST ---
Created an attachment (id=26342)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26342)
Added mod_proxy_http SSL error message (trunk)
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Daniel Ruggeri <DR...@primary.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #26339|0 |1
is obsolete| |
--- Comment #6 from Daniel Ruggeri <DR...@primary.net> 2010-11-25 09:57:47 EST ---
Created an attachment (id=26343)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26343)
Added mod_proxy_http SSL error message (2.2.x)
Obsoleted the wrong patch...
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
--- Comment #12 from Ruediger Pluem <rp...@apache.org> 2010-12-29 04:52:26 EST ---
Created an attachment (id=26450)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26450)
Updated patch based on r1039304 and r1053584.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Daniel Ruggeri <DR...@primary.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #26343|0 |1
is obsolete| |
--- Comment #8 from Daniel Ruggeri <DR...@primary.net> 2010-11-25 10:59:50 EST ---
Created an attachment (id=26345)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26345)
2.2.x patch - using HTTP_INTERNAL_SERVER_ERROR
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Daniel Ruggeri <DR...@primary.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #26342|0 |1
is obsolete| |
--- Comment #7 from Daniel Ruggeri <DR...@primary.net> 2010-11-25 09:58:28 EST ---
Created an attachment (id=26344)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26344)
Added mod_proxy_http SSL error message (trunk)
Uploaded the wrong patch
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Daniel Ruggeri <DR...@primary.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Stefan Fritsch <sf...@sfritsch.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Ruediger Pluem <rp...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #26374|0 |1
is obsolete| |
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Ruediger Pluem <rp...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #13 from Ruediger Pluem <rp...@apache.org> 2011-02-11 07:31:21 EST ---
Backported to 2.2.x as r1069773.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
--- Comment #10 from Ruediger Pluem <rp...@apache.org> 2010-11-26 05:35:50 EST ---
Committed as r1039304.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50332] mod_proxy_http is not aware of SSL
handshake failures
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50332
Daniel Ruggeri <DR...@primary.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |ErrorMessage,
| |NeedsReleaseNote,
| |PatchAvailable
CC| |DRuggeri@primary.net
--- Comment #3 from Daniel Ruggeri <DR...@primary.net> 2010-11-24 23:35:41 EST ---
Patch to do the same on httpd-trunk is attached now.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org