cherokee / webserver

Cherokee Web Server
GNU General Public License v2.0

Problem with ssl/keep-alive/chunked-encoding #707

Open danielniccoli opened 11 years ago

danielniccoli commented 11 years ago

Original author: go.on....@googlemail.com (August 11, 2010 23:56:43)

What steps will reproduce the problem?

  1. Install latest SVN r5373
  2. Upload attached script
  3. Call http://yourdomain.com/test.php -> Works in all browsers
  4. Call https://yourdomain.com/test.php -> In Firefox results in a blank page most of the time
  5. Call https://yourdomain.com/test.php -> In Google Chrome results in Error 100 (net::ERR_CONNECTION_CLOSED): Unknown Error
  6. Call https://yourdomain.com/test.php -> In Opera 10.6 works most of the time, but sometimes cuts off a few bytes
  7. Turn off "Chunked Encoding" or "Keep Alive" and repeat 4 - 6. Everything will work fine even with ssl

In Firefox and Chrome with chunked encoding it works sometimes but not all of the time. After a restart of Cherokee it works a few times.

What version of the product are you using? On what operating system?

Debian Lenny Linux version 2.6.33.3 (gcc version 4.3.2 (Debian 4.3.2-1.1))

$ cherokee -V
Cherokee Web Server 1.0.8

OpenSSL> version
OpenSSL 0.9.8o 01 Jun 2010

$ php5-cgi -v
PHP 5.3.3-0.dotdeb.0 with Suhosin-Patch (cgi-fcgi) (built: Jul 24 2010 04:49:23)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans
    with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH

Original issue: http://code.google.com/p/cherokee/issues/detail?id=954

danielniccoli commented 11 years ago

From alobbs on August 12, 2010 09:37:24 I cannot reproduce the issue. It always works for me at this end. Do you have some other tip to reproduce it?

danielniccoli commented 11 years ago

From go.on....@googlemail.com on August 12, 2010 13:55:45 I attached my config

danielniccoli commented 11 years ago

From go.on....@googlemail.com on August 12, 2010 14:07:31 Oh, and I use a startssl shared cert if this is important.

danielniccoli commented 11 years ago

From i...@cmsfruit.com on November 13, 2010 04:47:26 I am also experiencing the same issue.... I have confirmed that when I turn off chunk encoding then everything loads fine with HTTPS... but if I enable chunk encoding then images and javascript fail to load or load partially intermittently only in HTTPS mode, and sometimes I get blank pages. Everything works fine in HTTP.

danielniccoli commented 11 years ago

From i...@cmsfruit.com on November 13, 2010 04:48:07 I forgot to mention that I am using the latest version v1.0.9

danielniccoli commented 11 years ago

From toyowhee...@gmail.com on December 24, 2010 17:03:49 Using Cherokee 1.0.14 this problem is still present.

danielniccoli commented 11 years ago

From sylvain....@gmail.com on January 31, 2011 21:14:46 I have the same problem with 1.0.18.

If I use FF3.6, FF4beta10 it's a blank page. With IE8, it's a browser error. With Chromium (8.0.552.237 (70801) Ubuntu 10.04), it works.

With curl, I can do:

curl -v https://www.SITE.com/ and it returns the main page.

Here is the header:

GET / HTTP/1.1
User-Agent: curl/7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
Host: www.SITE.com
Accept: */*

< HTTP/1.1 200 OK
< Transfer-Encoding: chunked
< Date: Mon, 31 Jan 2011 21:11:45 GMT
< Server: Apache/2.2.8 (Ubuntu) mod_perl/2.0.3 Perl/v5.8.8
< Set-Cookie: stamp=1296508305; domain=SITE.com; path=/; expires=1d
< Content-Type: text/html; charset=iso-8859-1

Cherokee is configured as a proxy on a localhost:80 haproxy that makes a round robin with apps machines.

I've upgraded from 0.99.44 to correct the "cryptor_libssl.c:592 - SSL_write: unknown errno: Connection timed out" problem.

danielniccoli commented 11 years ago

From scottrei...@gmail.com on March 10, 2011 02:52:22 I have the same problem with 1.2.1

danielniccoli commented 11 years ago

From lodle...@gmail.com on March 10, 2011 05:12:34 We are looking at switching to Cherokee and I'm having the same issue using curl. I recompiled curl using PolarSSL and it works fine, so it looks like OpenSSL is causing the issue.

I did some deeper debugging in curl and it seems that the data buffer gets corrupted around the 128kb mark, as the page we are loading is fine and then starts getting random binary data after that.
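The cut-off and corrupted chunked bodies reported in this thread can be pinned to a byte offset with a framing check like the one below. This is an added example, not part of the original comments or of Cherokee's code; `check_chunked` and the sample bodies are hypothetical and constructed, and the input is assumed to be the raw, still-chunked body bytes of a single response as seen by the client after TLS decryption.

```python
# Added example: validates the framing of one raw chunked HTTP/1.1 body.
HEX = b"0123456789abcdefABCDEF"

def _result(complete, decoded, offset, reason):
    return {"complete": complete, "decoded_bytes": decoded,
            "offset": offset, "reason": reason}

def check_chunked(raw: bytes) -> dict:
    """Walk the chunks; report bytes decoded and the offset where framing broke."""
    pos = decoded = 0
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol == -1:
            return _result(False, decoded, pos, "stream ended before a chunk-size line")
        size_field = raw[pos:eol].split(b";", 1)[0].strip()  # ignore chunk extensions
        if not size_field or any(c not in HEX for c in size_field):
            return _result(False, decoded, pos, "chunk size is not hexadecimal")
        size = int(size_field, 16)
        data_start = eol + 2
        if size == 0:  # last-chunk: optional trailer fields, then an empty line
            if raw.startswith(b"\r\n", data_start):
                return _result(True, decoded, data_start + 2, "ok")
            end = raw.find(b"\r\n\r\n", data_start)
            if end == -1:
                return _result(False, decoded, data_start, "stream ended inside the trailer")
            return _result(True, decoded, end + 4, "ok")
        data_end = data_start + size
        if len(raw) < data_end + 2:
            return _result(False, decoded, pos, "stream ended inside a chunk")
        if raw[data_end:data_end + 2] != b"\r\n":
            return _result(False, decoded, data_end, "chunk data not followed by CRLF")
        decoded += size
        pos = data_end + 2

# Constructed sample bodies (not captured from the servers in this thread).
GOOD = b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n"
TRUNCATED = GOOD[:16]                         # connection closed mid-chunk
CORRUPT = GOOD[:8] + b"\x00\x9f" + GOOD[10:]  # framing bytes overwritten

if __name__ == "__main__":
    for name, body in (("good", GOOD), ("truncated", TRUNCATED), ("corrupt", CORRUPT)):
        print(name, check_chunked(body))
```

A body that stops without the terminating zero-length chunk is reported as incomplete, which separates a connection closed early from a stream whose chunk framing was overwritten.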

danielniccoli commented 11 years ago

From ren...@toolsnet.mx on March 23, 2011 20:29:57 I think I might be having the same issue.

Version 1.2.1

danielniccoli commented 11 years ago

From uvc...@gmail.com on April 12, 2011 19:50:59 Looks like I have the same issue. Chromium reports connection closed and Firefox4 a zero length body when making requests via HTTPS. HTTP is working fine.

Cherokee: 1.2.1
Openssl: 1.0.0.d
PHP: 5.3.6

Disabling keep alive as noted in a previous comment works around the issue.

danielniccoli commented 11 years ago

From ste...@konink.de on April 23, 2011 19:36:00 Please test latest SVN

danielniccoli commented 11 years ago

From anonsph...@gmail.com on June 25, 2011 13:42:29 Problem is still present in latest svn.

Cherokee Web Server 1.2.98
OpenSSL 0.9.8o 01 Jun 2010
PHP 5.3.6-6 (php5-fpm) / APC 3.1.9 / Suhosin v0.9.32.1

BUT it is much better now. In 1000 requests I get only 2 cut-off pages so far. I will activate it now on a test server and keep an eye on it.

danielniccoli commented 11 years ago

From anonsph...@gmail.com on June 25, 2011 14:27:49 OK, after surfing for about 40 minutes, I can say that the problem is still not solved. The problems with dynamic content seem to be gone, but there are still problems with static content, in my case with a big background image that is only loaded to half or less in about 50% of requests.

danielniccoli commented 11 years ago

From etienne....@gmail.com on July 12, 2011 19:20:51 I just upgraded from Cherokee 0.99.39 to 1.2.98 and now I have the same problem, some images are incomplete or do not show at all when in HTTPS. No problem in HTTP. The problem was not there with 0.99.39. I'm on Ubuntu Server 10.04 64bit with OpenSSL 0.9.8k 25 Mar 2009.

If I turn off Chunk Encoding or Keep Alive the problem is a lot less present (at least 1/10) but still present.

danielniccoli commented 11 years ago

From anonsph...@gmail.com on July 16, 2011 02:01:13 Updated to latest svn version and libssl1.0.0 - problem is still present. :-(

danielniccoli commented 11 years ago

From aminl...@gmail.com on December 11, 2011 12:18:44 Is this going to be addressed anytime soon, or should everybody just permanently forgo chunked-encoding?

danielniccoli commented 11 years ago

From ste...@konink.de on December 11, 2011 12:30:01 Keep-alive/Chunked is working. The only known thing that is broken is POST... and this is being worked on here:

https://github.com/cherokee/webserver/tree/new-events (extremely unstable)

danielniccoli commented 11 years ago

From alobbs on December 12, 2011 08:18:15 The 'new-events' branch is FAR from being functional. Do NOT use it on production.