help-gnutls
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnutls] Re: Strange problem with SVN and mod_gnutls

From: Nikos Mavrogiannopoulos
Subject: Re: [Help-gnutls] Re: Strange problem with SVN and mod_gnutls
Date: Sat, 13 Jun 2009 15:55:55 +0300
User-agent: Thunderbird 2.0.0.21 (X11/20090409) 
Tobias Gruetzmacher wrote:
> Hi,
> 
> On Sat, Jun 13, 2009 at 10:38:43AM +0300, Nikos Mavrogiannopoulos wrote:
>>> I build libneon with some debugging instructions and put the resulting
>>> log on my server: http://23.gs/svn-gnutls-debug.log ...
>> For some reason the server sends some packets without any contents and
>> the client believes that this is a denial of service. Is there some
>> application that produces those packets or this is just a file transfer?
> 
> This is just a "svn checkout" - The request can be seen in the first
> lines of the log file. Unfortunatly I can't reproduce this error with
> gnutls-cli or socat... On the server side just plain Apache with
> mod_gnutls and the SVN webdav modules. Running on a vserver behind a
> NAT, if that matters...

I suppose that there is no proxy HTTPS server in between and you have
direct communication with mod_gnutls. If this is the case could you try
if the following patch for mod_gnutls fixes the issue for you? Otherwise
could you provide debugging output of mod_gnutls (you can do that by
changing in include/mod_gnutls.h.in the MOD_GNUTLS_DEBUG definition to 1
and then run ./configure and make again).

regards,
Nikos

Index: src/gnutls_io.c
===================================================================
--- src/gnutls_io.c     (revision 402)
+++ src/gnutls_io.c     (working copy)
@@ -587,27 +587,30 @@
             if (!APR_STATUS_IS_EOF(status) && (status != APR_SUCCESS)) {
                 break;
             }
+            
+            if (len > 0) {
 
-            do {
-                ret = gnutls_record_send(ctxt->session, data, len);
-            }
-            while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
+                do {
+                    ret = gnutls_record_send(ctxt->session, data, len);
+                }
+                while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
 
-            if (ret < 0) {
-                /* error sending output */
-                ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->output_rc,
+                if (ret < 0) {
+                    /* error sending output */
+                    ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->output_rc,
                              ctxt->c->base_server,
                              "GnuTLS: Error writing data."
                              " (%d) '%s'", (int)ret, gnutls_strerror(ret));
-                if (ctxt->output_rc == APR_SUCCESS) {
-                    ctxt->output_rc = APR_EGENERAL;
+                    if (ctxt->output_rc == APR_SUCCESS) {
+                        ctxt->output_rc = APR_EGENERAL;
+                    }
                 }
+                else if (ret != len) {
+                    /* Not able to send the entire bucket, 
+                       split it and send it again. */
+                    apr_bucket_split(bucket, ret);
+                }
             }
-            else if (ret != len) {
-                /* Not able to send the entire bucket, 
-                   split it and send it again. */
-                apr_bucket_split(bucket, ret);
-            }
 
             apr_bucket_delete(bucket);
reply via email to
[Prev in Thread] Current Thread [Next in Thread]