On Mon, Oct 15, 2018 at 12:55:45PM +0200, Rainer Jung wrote:
I'm currently testing the following patch which looks OK wrt. test suite
results. Need to run more combinations (OpenSSL version client versus
server) though. Server with 1.1.1 and with 1.0.2p both look OK (including
the h2 tests). Maybe some cases could be folded together or be dropped, but
I tried to make the logic changes not to big. The SSL_ERROR_ZERO_RETURN part
is new, because without that we get an ssl:info log line AH01992 with error
6 (SSL_ERROR_ZERO_RETURN) at the end of the response (at least with 1.1.1).
Thanks a lot Rainer & Stefan, sorry I didn't follow through on that
ticket/issue far enough. Strike it down as another way that 1.1.1
really is ABI-incompatible with <1.1.1 :(
The change committed to ssl_engine_io.c makes sense to me. I wonder if
mod_ssl should also handle SSL_ERROR_WANT_WRITE here as well. It will be
clearly logged if that happens ("SSL library error 3 reading data") so
we should find out anyway.