elaka / mod-spdy

Automatically exported from code.google.com/p/mod-spdy
0 stars 0 forks source link

mod_ssl_with_npn.patch without mod_spdy causes Chrome on Android Error 2(net::ERR_FAILED) #58

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What version/revision number of mod_spdy are you using?

mod_spdy-0.9.3.3 svn rev. 384, 0.9.2.2 rev. 352

What version of Apache are you using, and on what operating system?  (Use
`apache2ctl -v` to check.)

httpd 2.2.23 and 2.2.22

What other Apache modules are you using?  (Use `apache2ctl -M` to check.)

Loaded Modules:
 core_module (static)
 authn_file_module (static)
 authn_default_module (static)
 authz_host_module (static)
 authz_groupfile_module (static)
 authz_user_module (static)
 authz_default_module (static)
 auth_basic_module (static)
 include_module (static)
 filter_module (static)
 log_config_module (static)
 env_module (static)
 setenvif_module (static)
 version_module (static)
 mpm_prefork_module (static)
 http_module (static)
 mime_module (static)
 status_module (static)
 autoindex_module (static)
 asis_module (static)
 cgi_module (static)
 negotiation_module (static)
 dir_module (static)
 actions_module (static)
 userdir_module (static)
 alias_module (static)
 so_module (static)
 ssl_module (shared)

What browser version did you use to access the mod_spdy server?  
Chrome for Android (18.0.1025308)

On what operating system? What flags was the browser invoked with?  (For 
Chrome/Chromium, go to about:version to check.)

Android 4.0.4 on a Nexus S (also reported on 4.1.?), default Install, no flags 
or configuration options have been added, changed or removed.

What steps will reproduce the problem?

0. get mod_spdy code as described in (1) in 
http://code.google.com/p/mod-spdy/wiki/GettingStarted 
1. build openssl, mod_ssl and httpd with BUILDROOT=~/spdy/inst 
./build_modssl_with_npn.sh
   (adding a --prefix= to the apache configure line is recommended)
2. install apache ( cd ~/spdy/inst/htpd-2.2.22 && make install)
3. make self-signed certificates or install proper certificates
4. add SSL vhost (make sure TLS is enabled)
5. do _not_ install/build/enable mod_spdy
6. Try to connect with Chrome on Android
7. Error 2(net::ERR_FAILED) is reported
8. If Apache runs with LogLevel debug, the error.log show that the conversation 
was terminated by the Client with 15 03 01 00 02  and 02 50

I've reproduced this on Ubuntu 12.04 (x86_64), Centos 6 (x86_64) and Debian 
squeeze (i686). This issue is somewhat sticky in that chrome may have be 
terminated or the phone rebooted for it to go away (or, for that matter, 
appear).

Please provide any additional information below.

Debug trace of server start + one failed Request:

[Thu Oct 18 20:09:32 2012] [debug] ssl_engine_init.c(869): Configuring RSA 
server private key
[Thu Oct 18 20:09:32 2012] [info] Configuring server for SSL protocol
[Thu Oct 18 20:09:32 2012] [debug] ssl_engine_init.c(471): Creating new SSL 
context (protocols: SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2)
[Thu Oct 18 20:09:32 2012] [debug] ssl_engine_init.c(699): Configuring 
permitted SSL ciphers [ALL]
[Thu Oct 18 20:09:32 2012] [debug] ssl_engine_init.c(420): Configuring TLS 
extension handling
[Thu Oct 18 20:09:32 2012] [debug] ssl_engine_init.c(830): Configuring RSA 
server certificate
[Thu Oct 18 20:09:32 2012] [warn] RSA server certificate CommonName (CN) 
`rc90.devel.office.sevenval.de' does NOT match server name!?
[Thu Oct 18 20:09:32 2012] [debug] ssl_engine_init.c(869): Configuring RSA 
server private key
[Thu Oct 18 20:09:37 2012] [info] [client 172.19.0.4] Connection to child 0 
established (server dummy-host.example.com:443)
[Thu Oct 18 20:09:37 2012] [info] Seeding PRNG with 136 bytes of entropy
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(1892): OpenSSL: 
Handshake: start
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(1900): OpenSSL: Loop: 
before/accept initialization
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1920): OpenSSL: read 11/11 
bytes from BIO#928ffd8 [mem: 92975e0] (BIO dump follows)
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1853): 
+-------------------------------------------------------------------------+
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0000: 16 03 01 01 
df 01 00 01-db 03 01                 ...........      |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1898): 
+-------------------------------------------------------------------------+
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1920): OpenSSL: read 473/473 
bytes from BIO#928ffd8 [mem: 92975ee] (BIO dump follows)
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1853): 
+-------------------------------------------------------------------------+
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0000: 50 80 45 e1 
e5 e3 c1 f5-4e c4 8f 6e 8b d5 45 d1  P.E.....N..n..E. |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0010: 55 9d ee df 
2c 92 1b a6-24 54 39 9b 47 82 ce 9a  U...,...$T9.G... |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0020: 20 24 8f 6d 
f4 cb 0e 13-2b 5c 36 b5 4c 14 36 66   $.m....+\\6.L.6f |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0030: a3 bd 89 89 
e5 04 d4 ad-e7 ef c0 3b 0a 5b 90 f2  ...........;.[.. |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0040: 2d 00 44 c0 
14 c0 0a 00-39 00 38 00 88 00 87 c0  -.D.....9.8..... |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0050: 0f c0 05 00 
35 00 84 c0-12 c0 08 00 16 00 13 c0  ....5........... |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0060: 0d c0 03 00 
0a c0 13 c0-09 00 33 00 32 00 45 00  ..........3.2.E. |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0070: 44 c0 0e c0 
04 00 2f 00-41 c0 11 c0 07 c0 0c c0  D...../.A....... |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0080: 02 00 05 00 
04 00 ff 01-00 01 4e 00 00 00 22 00  ..........N...". |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0090: 20 00 00 1d 
72 63 39 30-2e 64 65 76 65 6c 2e 6f   ...rc90.devel.o |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 00a0: 66 66 69 63 
65 2e 73 65-76 65 6e 76 61 6c 2e 64  ffice.sevenval.d |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 00b0: 65 00 0b 00 
04 03 00 01-02 00 0a 00 34 00 32 00  e...........4.2. |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 00c0: 01 00 02 00 
03 00 04 00-05 00 06 00 07 00 08 00  ................ |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 00d0: 09 00 0a 00 
0b 00 0c 00-0d 00 0e 00 0f 00 10 00  ................ |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 00e0: 11 00 12 00 
13 00 14 00-15 00 16 00 17 00 18 00  ................ |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 00f0: 19 00 23 00 
e0 c1 71 a5-fb 5a 5c 8f 3e 14 41 cc  ..#...q..Z\\.>.A. |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0100: 5f 8a f5 de 
c7 16 08 41-c1 6f 99 96 07 e6 df 6a  _......A.o.....j |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0110: 1a 51 00 75 
07 03 12 6d-d5 f8 b3 c3 71 72 5c c6  .Q.u...m....qr\\. |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0120: 64 3a 71 cc 
48 a8 57 93-b8 ed 5f 47 aa a9 d0 4a  d:q.H.W..._G...J |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0130: b7 55 03 b0 
49 0d 1e 50-1e 33 87 cc 69 4b 03 10  .U..I..P.3..iK.. |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0140: b0 f0 c2 c5 
be a9 b5 13-eb 9c 10 1a 3b 55 58 43  ............;UXC |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0150: b9 60 a8 cc 
6b c8 bb 00-8f 80 45 c2 9f dd 3f ee  .`..k.....E...?. |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0160: 6f a8 12 f8 
82 1e 64 08-49 17 dc 79 c1 85 3c 4e  o.....d.I..y..<N |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0170: 94 9f f5 ea 
5f ca 77 18-7d ef 56 55 a2 03 c0 f1  ...._.w.}.VU.... |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0180: 64 fa bc fa 
4b c6 03 0d-8b 78 a6 32 fd ac 30 5a  d...K....x.2..0Z |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0190: 4a d0 a6 c9 
98 b8 69 a6-23 1d af 28 60 67 72 50  J.....i.#..(`grP |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 01a0: 2a e1 c9 06 
e3 5a bd eb-c9 92 d5 8e 0f 9b ae 60  *....Z.........` |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 01b0: f5 4a 84 3b 
2e 42 ff fe-43 23 ab 9c 01 e9 df 6c  .J.;.B..C#.....l |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 01c0: 36 78 62 0d 
73 9b 66 58-67 ed 2d 6f c4 e4 1d 66  6xb.s.fXg.-o...f |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 01d0: 82 9d 95 56 
e2 33 74                             ...V.3t          |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1896): | 0473 - <SPACES/NULS>
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1898): 
+-------------------------------------------------------------------------+
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(2019): [client 
172.19.0.4] No matching SSL virtual host for servername 
rc90.devel.office.sevenval.de found (using default/first virtual host)
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(1910): OpenSSL: Write: 
SSLv3 read client hello C
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(1900): OpenSSL: Loop: 
SSLv3 read client hello A
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(1900): OpenSSL: Loop: 
SSLv3 write server hello A
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(1900): OpenSSL: Loop: 
SSLv3 write certificate A
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(1275): [client 
172.19.0.4] handing out temporary 1024 bit DH key
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(1900): OpenSSL: Loop: 
SSLv3 write key exchange A
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(1900): OpenSSL: Loop: 
SSLv3 write server done A
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(1900): OpenSSL: Loop: 
SSLv3 flush data
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1920): OpenSSL: read 5/5 
bytes from BIO#928ffd8 [mem: 92975e3] (BIO dump follows)
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1853): 
+-------------------------------------------------------------------------+
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0000: 15 03 01 00 
02                                   .....            |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1898): 
+-------------------------------------------------------------------------+
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1920): OpenSSL: read 2/2 
bytes from BIO#928ffd8 [mem: 92975e8] (BIO dump follows)
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1853): 
+-------------------------------------------------------------------------+
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1892): | 0000: 02 50         
                                   .P               |
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_io.c(1898): 
+-------------------------------------------------------------------------+
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(1905): OpenSSL: Read: 
SSLv3 read client certificate A
[Thu Oct 18 20:09:37 2012] [debug] ssl_engine_kernel.c(1924): OpenSSL: Exit: 
failed in SSLv3 read client certificate A
[Thu Oct 18 20:09:37 2012] [info] [client 172.19.0.4] SSL library error 1 in 
handshake (server dummy-host.example.com:443)
[Thu Oct 18 20:09:37 2012] [info] SSL Library Error: 336151608 
error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error
[Thu Oct 18 20:09:37 2012] [info] [client 172.19.0.4] Connection closed to 
child 0 with abortive shutdown (server dummy-host.example.com:443)

Original issue reported on code.google.com by goo...@7val.com on 19 Oct 2012 at 10:12

GoogleCodeExporter commented 8 years ago
I saw that problem also - current Opera Mobile has a similar problem. But this 
is a browser bug (Chrome and Opera) not a mod_ssl/npn bug I guess.

Original comment by bja...@gmail.com on 10 Nov 2012 at 11:09