[packages/apache/APACHE_2_2] - rel 3; in 2.2.24 the way internal dummy connection is done for SSL connection has changed which ca

arekm arekm at pld-linux.org
Wed Apr 10 20:36:27 CEST 2013


commit a0dc379fa95a291542de29cc9bd7dc9b933b9196
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Wed Apr 10 20:36:23 2013 +0200

    - rel 3; in 2.2.24 the way the internal dummy connection is done for SSL connections has changed, which caused serious issues for me (like graceful restart taking minutes). Most likely sending the TLS 1.0 fake dummy close does not interoperate nicely with openssl 1.0.1. Work around that by backporting the upstream fix for 39653 (aka use a non-SSL internal dummy connection when possible).

 apache-bug-39653.patch | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++
 apache.spec            |  4 ++-
 2 files changed, 69 insertions(+), 1 deletion(-)
---
diff --git a/apache.spec b/apache.spec
index 1ffb291..1db4246 100644
--- a/apache.spec
+++ b/apache.spec
@@ -44,7 +44,7 @@ Summary(ru.UTF-8):	Самый популярный веб-сервер
 Summary(tr.UTF-8):	Lider WWW tarayıcı
 Name:		apache
 Version:	2.2.24
-Release:	2
+Release:	3
 License:	Apache v2.0
 Group:		Networking/Daemons/HTTP
 Source0:	http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
@@ -107,6 +107,7 @@ Patch26:	apache-mod_vhost_alias_docroot.patch
 # http://mpm-itk.sesse.net/
 Patch28:	apache-mpm-itk.patch
 Patch29:	libtool-tag.patch
+Patch30:	apache-bug-39653.patch
 URL:		http://httpd.apache.org/
 BuildRequires:	apr-devel >= %{apr_ver}
 BuildRequires:	apr-util-devel >= 1:1.3.10-2
@@ -1801,6 +1802,7 @@ Dwa programy testowe/przykładowe cgi: test-cgi and print-env.
 %patch26 -p1
 %patch28 -p1
 %patch29 -p1
+%patch30 -p1
 
 # using system apr, apr-util and pcre
 %{__rm} -r srclib/{apr,apr-util,pcre}
diff --git a/apache-bug-39653.patch b/apache-bug-39653.patch
new file mode 100644
index 0000000..b3aad6b
--- /dev/null
+++ b/apache-bug-39653.patch
@@ -0,0 +1,66 @@
+commit baf08a26b4e3f40491ae9459ef80a7460194c064
+Author: jorton <jorton at 13f79535-47bb-0310-9956-ffa450edef68>
+Date:   Fri Dec 12 16:08:16 2008 +0000
+
+    * server/mpm_common.c (dummy_connection): If possible, use a non-SSL
+      listening port to use for the dummy connection, to avoid causing
+      (confusing) error log spam by sending EOF down an SSL port.
+    
+    PR: 39653
+    
+    
+    git-svn-id: http://svn.apache.org/repos/asf/httpd/httpd/trunk@726065 13f79535-47bb-0310-9956-ffa450edef68
+
+diff --git a/server/mpm_common.c b/server/mpm_common.c
+index f5941f5..72b0e66 100644
+--- a/server/mpm_common.c
++++ b/server/mpm_common.c
+@@ -657,6 +657,7 @@ static apr_status_t dummy_connection(ap_pod_t *pod)
+     apr_socket_t *sock;
+     apr_pool_t *p;
+     apr_size_t len;
++    ap_listen_rec *lp;
+ 
+     /* create a temporary pool for the socket.  pconf stays around too long */
+     rv = apr_pool_create(&p, pod->p);
+@@ -664,8 +665,19 @@ static apr_status_t dummy_connection(ap_pod_t *pod)
+         return rv;
+     }
+ 
+-    rv = apr_socket_create(&sock, ap_listeners->bind_addr->family,
+-                           SOCK_STREAM, 0, p);
++    /* If possible, find a listener which is configured for
++     * plain-HTTP, not SSL; using an SSL port would either be
++     * expensive to do correctly (performing a complete SSL handshake)
++     * or cause log spam by doing incorrectly (simply sending EOF). */
++    lp = ap_listeners;
++    while (lp && lp->protocol && strcasecmp(lp->protocol, "http") != 0) {
++        lp = lp->next;
++    }
++    if (!lp) {
++        lp = ap_listeners;
++    }
++
++    rv = apr_socket_create(&sock, lp->bind_addr->family, SOCK_STREAM, 0, p);
+     if (rv != APR_SUCCESS) {
+         ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
+                      "get socket to connect to listener");
+@@ -688,7 +700,7 @@ static apr_status_t dummy_connection(ap_pod_t *pod)
+         return rv;
+     }
+ 
+-    rv = apr_socket_connect(sock, ap_listeners->bind_addr);
++    rv = apr_socket_connect(sock, lp->bind_addr);
+     if (rv != APR_SUCCESS) {
+         int log_level = APLOG_WARNING;
+ 
+@@ -704,7 +704,7 @@ static apr_status_t dummy_connection(ap_
+         }
+ 
+         ap_log_error(APLOG_MARK, log_level, rv, ap_server_conf,
+-                     "connect to listener on %pI", ap_listeners->bind_addr);
++                     "connect to listener on %pI", lp->bind_addr);
+         apr_pool_destroy(p);
+         return rv;
+     }
+
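Review bot: In the listener search added to dummy_connection, the loop condition `lp && lp->protocol && strcasecmp(lp->protocol, "http") != 0` also stops on a listener whose protocol is NULL, so that listener is picked as if it were plain HTTP; whether a NULL protocol can belong to a port that actually serves SSL is not visible here and should be confirmed. I would document this next to the loop with `/* a listener with no protocol set also ends the search and is treated as non-SSL */`. The commit message says 2.2.24 sends a TLS 1.0 dummy close on SSL listeners; if the code that chooses what to write (further down in dummy_connection, outside these hunks) still tests `ap_listeners` rather than `lp`, the socket target and the data sent could disagree, so that reference is worth checking in the 2.2.24 source. The function starts and ends outside the hunks shown.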
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/a0dc379fa95a291542de29cc9bd7dc9b933b9196


