Posted to dev@subversion.apache.org by Gustavo Niemeyer <ni...@conectiva.com> on 2002/09/06 22:14:24 UTC

SSL layer bug

I have stepped into a reproducible bug somewhere in the SSL layer. Here
are details about it:

Scenario
--------
We're using subversion to store directories with binaries and text files
inside them. Some of those directories have large files. We store, for
example, a directory with XFree86's tarball, which has about 50MB, and
a few other patches.

Problem
-------
When checking out large files, the SSL connection is closed immediately
after the large file is downloaded. The large file itself is downloaded
just fine. If an unencrypted connection is used, everything works as
expected.

Reproducibility
---------------
It happens most of the times we try to check out a directory with a large
file inside it. Rarely, it has worked. We've tested with the XFree86
tarball, and 2 other files of about 30MB.

SVN output
----------
[...]
A  XFree86/SOURCES/XFree86-locale.alias.bz2
A  XFree86/SOURCES/XFree86-4.2.0.tar.bz2
A  XFree86/SOURCES/XFree86-Xsetup_0.conectiva
svn: RA layer request failed
svn: could not checkout a file
svn: GET of
/repos/cnc/!svn/bc/14857/snapshot/XFree86/current/SOURCES/XFree86-Xs
etup_0.conectiva: Could not read status line: Secure connection
truncated

Last entries in apache error_log
--------------------------------
[...]
[Fri Sep 06 18:29:58 2002] [debug] ssl_engine_kernel.c(1864): OpenSSL:
Write: SSL negotiation finished successfully
[Fri Sep 06 18:29:58 2002] [info] Connection to child 0 closed with
standard shutdown(server new.host.name:443, client 10.0.16.10)

Versions
--------
Subversion: revision 3140
Apache2: today's snapshot
Neon: 0.23.3
OpenSSL: 0.9.6g

Is there any other information I could provide?

Any help will be appreciated!

-- 
Gustavo Niemeyer

[ 2AAC 7928 0FBF 0299 5EB5  60E2 2253 B29A 6664 3A0C ]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: SSL layer bug

Posted by Gustavo Niemeyer <ni...@conectiva.com>.
> Hi - does the neon patch below make these errors go away? The error
> should not occur if the server implements HTTP-over-SSL correctly, so
> there is probably a server bug here somewhere.  An ssldump trace would
> be needed to be sure.

Joe, it works perfectly. Thanks a lot!

Is it a temporary patch which is masking some major problem in apache2
itself, or do you think that this is a definitive solution?

Again, thank you.

-- 
Gustavo Niemeyer

[ 2AAC 7928 0FBF 0299 5EB5  60E2 2253 B29A 6664 3A0C ]


Re: SSL layer bug

Posted by Joe Orton <jo...@manyfish.co.uk>.
On Fri, Sep 06, 2002 at 07:14:24PM -0300, Gustavo Niemeyer wrote:
...
> [...]
> A  XFree86/SOURCES/XFree86-locale.alias.bz2
> A  XFree86/SOURCES/XFree86-4.2.0.tar.bz2
> A  XFree86/SOURCES/XFree86-Xsetup_0.conectiva
> svn: RA layer request failed
> svn: could not checkout a file
> svn: GET of
> /repos/cnc/!svn/bc/14857/snapshot/XFree86/current/SOURCES/XFree86-Xs
> etup_0.conectiva: Could not read status line: Secure connection
> truncated

Hi - does the neon patch below make these errors go away? The error
should not occur if the server implements HTTP-over-SSL correctly, so
there is probably a server bug here somewhere.  An ssldump trace would
be needed to be sure.

--- src/ne_request.c	30 Aug 2002 21:02:43 -0000	1.102
+++ src/ne_request.c	6 Sep 2002 22:24:11 -0000
@@ -892,9 +892,8 @@
  * appropriate return value given a 'retry' flag, the socket error
  * 'code', and the return value 'acode' from the aborted() function. */
 #define RETRY_RET(retry, code, acode) \
-((((code) == NE_SOCK_CLOSED || (code) == NE_SOCK_RESET) && retry) \
-? NE_RETRY : (acode))
-/* TODO: probably need NE_SOCK_TRUNC in there too. */
+((((code) == NE_SOCK_CLOSED || (code) == NE_SOCK_RESET || \
+ (code) == NE_SOCK_TRUNC) && retry) ? NE_RETRY : (acode))
 
 /* Read and parse response status-line into 'status'.  'retry' is non-zero
  * if an NE_RETRY should be returned if an EOF is received. */
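
Review bot: In the new RETRY_RET condition, NE_SOCK_TRUNC is now handled the same way as NE_SOCK_CLOSED and NE_SOCK_RESET, but the comment above the macro does not say why a retry is acceptable after a truncated secure connection. A truncation means the SSL session ended without a clean shutdown, so the comment should state under which conditions callers may pass a non-zero 'retry' (the status-line reader below mentions only EOF), and that with 'retry' zero the macro still returns 'acode'. Separately, 'retry' appears unparenthesized in the expansion ("&& retry)") while 'code' and 'acode' are parenthesized; writing "(retry)" keeps the macro safe when an expression is passed as the flag.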
