[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] Re: Strange problem with SVN and mod_gnutls
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: [Help-gnutls] Re: Strange problem with SVN and mod_gnutls |
Date: |
Sat, 13 Jun 2009 15:55:55 +0300 |
User-agent: |
Thunderbird 2.0.0.21 (X11/20090409) |
Tobias Gruetzmacher wrote:
> Hi,
>
> On Sat, Jun 13, 2009 at 10:38:43AM +0300, Nikos Mavrogiannopoulos wrote:
>>> I build libneon with some debugging instructions and put the resulting
>>> log on my server: http://23.gs/svn-gnutls-debug.log ...
>> For some reason the server sends some packets without any contents and
>> the client believes that this is a denial of service. Is there some
>> application that produces those packets or this is just a file transfer?
>
> This is just a "svn checkout" - The request can be seen in the first
> lines of the log file. Unfortunatly I can't reproduce this error with
> gnutls-cli or socat... On the server side just plain Apache with
> mod_gnutls and the SVN webdav modules. Running on a vserver behind a
> NAT, if that matters...
I suppose that there is no proxy HTTPS server in between and you have
direct communication with mod_gnutls. If this is the case could you try
if the following patch for mod_gnutls fixes the issue for you? Otherwise
could you provide debugging output of mod_gnutls (you can do that by
changing in include/mod_gnutls.h.in the MOD_GNUTLS_DEBUG definition to 1
and then run ./configure and make again).
regards,
Nikos
Index: src/gnutls_io.c
===================================================================
--- src/gnutls_io.c (revision 402)
+++ src/gnutls_io.c (working copy)
@@ -587,27 +587,30 @@
if (!APR_STATUS_IS_EOF(status) && (status != APR_SUCCESS)) {
break;
}
+
+ if (len > 0) {
- do {
- ret = gnutls_record_send(ctxt->session, data, len);
- }
- while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
+ do {
+ ret = gnutls_record_send(ctxt->session, data, len);
+ }
+ while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
- if (ret < 0) {
- /* error sending output */
- ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->output_rc,
+ if (ret < 0) {
+ /* error sending output */
+ ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->output_rc,
ctxt->c->base_server,
"GnuTLS: Error writing data."
" (%d) '%s'", (int)ret, gnutls_strerror(ret));
- if (ctxt->output_rc == APR_SUCCESS) {
- ctxt->output_rc = APR_EGENERAL;
+ if (ctxt->output_rc == APR_SUCCESS) {
+ ctxt->output_rc = APR_EGENERAL;
+ }
}
+ else if (ret != len) {
+ /* Not able to send the entire bucket,
+ split it and send it again. */
+ apr_bucket_split(bucket, ret);
+ }
}
- else if (ret != len) {
- /* Not able to send the entire bucket,
- split it and send it again. */
- apr_bucket_split(bucket, ret);
- }
apr_bucket_delete(bucket);