You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Masaoki Kobayashi <ma...@techfirm.co.jp> on 2005/05/10 07:13:47 UTC
[PATCH] SSL patch for ab (ApacheBench)
This patch modifies the support/ab.c to handle SSL/TLS
properly.
The current implementation in 2.0.54 seems to be broken
because it dumps core when I compile it with "-DUSE_SSL".
Even when I go back to 2.0.39, it still has many problems.
i.e.
- Asynchronous I/O does not work with SSL, which means
only one slow connection prevents all other concurrent
connections from proceeding.
- It sleeps one second for each SSL connections during
SSL handshake.
- SIGSEGV occurs with "-v 4" because of the buffer
overflow inside ssl_print_cert_info().
- Cannot specify either protocol version or cipher suites.
This patch makes ab work with asynchronous I/O even in
SSL/TLS, while it introduces 2 more options for SSL/TLS.
-Z ciphersuite Specify SSL/TLS cipher suite (See openssl ciphers)
-f protocol Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL)
Example:
ab -f SSL3 -Z DES-CBC3-SHA -n 1000 -c 100 https://server/
This patch also includes the modification for configure.in
to set "-DAB_USE_SSL" automatically when you configure
apache with "--enable-ssl". You have to run buildconf
after applying this patch, of course.
--
Masaoki Kobayashi
<ma...@techfirm.co.jp>
Re: [PATCH] SSL patch for ab (ApacheBench)
Posted by Masaoki Kobayashi <ma...@techfirm.co.jp>.
OK. It seems not so hard to apply those changes to
the one on trunk. I will make the patch in a few
days.
When I give SSL stress to apache httpd 2.0.54 with
the new ab, the SSL connections at the httpd will
be unstable. I believe there should be a problem
around the SSL session cache as dbm. The httpd is
really stable when SSL session cache is shmcb.
It may be a problem of dbm library on solaris 10.
Joe Orton wrote:
> This looks really wonderful, thanks a lot for submitting this. Is there
> any chance that you can rediff this against the version of ab on the
> trunk?
>
> http://svn.apache.org/repos/asf/httpd/httpd/trunk/support/ab.c
>
> (there are many conflicts when applying your patch to that)
--
Masaoki Kobayashi
<ma...@techfirm.co.jp>
Re: [PATCH] SSL patch for ab (ApacheBench)
Posted by Joe Orton <jo...@redhat.com>.
On Wed, May 11, 2005 at 10:37:17PM +0900, Masaoki Kobayashi wrote:
> This is a patch for the version of ab on the trunk.
> In this version of ab, HAVE_OPENSSL controls if I
> have OpenSSL. I conformed to the way although I
> did not checked the case of HAVE_SSLC.
Thanks a lot, and sorry for the slow follow-up. I committed this with a
few style fixes and also adding better handling of SSL_read errors in
read_connect().
Regards,
joe
Re: [PATCH] SSL patch for ab (ApacheBench)
Posted by Masaoki Kobayashi <ma...@techfirm.co.jp>.
This is a patch for the version of ab on the trunk.
In this version of ab, HAVE_OPENSSL controls if I
have OpenSSL. I conformed to the way although I
did not checked the case of HAVE_SSLC.
There has also been small more fixes.
1. The resulting shared key bit length is now the
number of effective bits.
2. Now ab does not dump core in case of SSL handshake
error.
Later, I will also submit the above changes for the
original 2.0.54 patch.
--
Masaoki Kobayashi
<ma...@techfirm.co.jp>
Re: [PATCH] SSL patch for ab (ApacheBench)
Posted by Joe Orton <jo...@redhat.com>.
On Tue, May 10, 2005 at 02:13:47PM +0900, Masaoki Kobayashi wrote:
> This patch modifies the support/ab.c to handle SSL/TLS
> properly.
This looks really wonderful, thanks a lot for submitting this. Is there
any chance that you can rediff this against the version of ab on the
trunk?
http://svn.apache.org/repos/asf/httpd/httpd/trunk/support/ab.c
(there are many conflicts when applying your patch to that)
> The current implementation in 2.0.54 seems to be broken
> because it dumps core when I compile it with "-DUSE_SSL".
> Even when I go back to 2.0.39, it still has many problems.
The trunk already fixed some of the simpler issues fixed there but not
the more fundamental stuff you mention. It would be great to get your
fixes in but it needs to be merged to the trunk first.
Regards,
joe
Re: [PATCH] SSL patch for ab (ApacheBench)
Posted by Masaoki Kobayashi <ma...@techfirm.co.jp>.
This is a second patch to ab in 2.0.54 package.
It fixes the things below against the first patch.
1. The resulting shared key bit length is now the
number of effective bits.
2. Now ab does not dump core in case of SSL handshake
error.
--
Masaoki Kobayashi
<ma...@techfirm.co.jp>