You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Eric Covener <co...@gmail.com> on 2018/07/10 19:26:08 UTC

openssl 1.1.1-pre8 hangs in t/ssl/varlookup.t

I tried testing the latest candidate w/ openssl 1.1.1-pre8 and noticed
hangs in SSL_peek.  This is of course no issue with the 2.4.34
candidate.

Caveat: I also happen to be on AIX where the perl+openssl is very old.

http://people.apache.org/~covener/renegotiate.log

            /* XXX: Should replace setting state with SSL_renegotiate(ssl);
             * However, this causes failures in perl-framework currently,
             * perhaps pre-test if we have already negotiated?
             */
            /* Need to trigger renegotiation handshake by reading.
             * Peeking 0 bytes actually works.
             * See: http://marc.info/?t=145493359200002&r=1&w=2
             */
            SSL_peek(ssl, peekbuf, 0);

1.1.0 HEAD works fine, 1.1.1-pre8 blocks for appdata until reqtimeout
gives up, it seems like the 0 byte numbytes is no longer working

--
Eric Covener
covener@gmail.com

Re: openssl 1.1.1-pre8 hangs in t/ssl/varlookup.t

Posted by William A Rowe Jr <wr...@rowe-clan.net>.

It might be worth comparing our trunk and 2.4.33 since we have had a lot of
discussion and some work around renegotiation behavior. Confirmation that
this is not new would be great.

On Tue, Jul 10, 2018, 14:26 Eric Covener <co...@gmail.com> wrote:

> I tried testing the latest candidate w/ openssl 1.1.1-pre8 and noticed
> hangs in SSL_peek.  This is of course no issue with the 2.4.34
> candidate.
>
> Caveat: I also happen to be on AIX where the perl+openssl is very old.
>
> http://people.apache.org/~covener/renegotiate.log
>
>             /* XXX: Should replace setting state with SSL_renegotiate(ssl);
>              * However, this causes failures in perl-framework currently,
>              * perhaps pre-test if we have already negotiated?
>              */
>             /* Need to trigger renegotiation handshake by reading.
>              * Peeking 0 bytes actually works.
>              * See: http://marc.info/?t=145493359200002&r=1&w=2
>              */
>             SSL_peek(ssl, peekbuf, 0);
>
> 1.1.0 HEAD works fine, 1.1.1-pre8 blocks for appdata until reqtimeout
> gives up, it seems like the 0 byte numbytes is no longer working
>
> --
> Eric Covener
> covener@gmail.com
>