osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: h2 broken in 2.4.36 with OpenSSL 1.1.1? Related to SSL_MODE_AUTO_RETRY?


On Mon, Oct 15, 2018 at 12:55:45PM +0200, Rainer Jung wrote:
> I'm currently testing the following patch which looks OK wrt. test suite
> results. Need to run more combinations (OpenSSL version client versus
> server) though. Server with 1.1.1 and with 1.0.2p both look OK (including
> the h2 tests). Maybe some cases could be folded together or be dropped, but
> I tried to make the logic changes not to big. The SSL_ERROR_ZERO_RETURN part
> is new, because without that we get an ssl:info log line AH01992 with error
> 6 (SSL_ERROR_ZERO_RETURN) at the end of the response (at least with 1.1.1).

Thanks a lot Rainer & Stefan, sorry I didn't follow through on that 
ticket/issue far enough.  Strike it down as another way that 1.1.1 
really is ABI-incompatible with <1.1.1 :(

The change committed to ssl_engine_io.c makes sense to me. I wonder if 
mod_ssl should also handle SSL_ERROR_WANT_WRITE here as well. It will be 
clearly logged if that happens ("SSL library error 3 reading data") so 
we should find out anyway.

Regards, Joe