Skip Menu |

This queue is for tickets about the Crypt-SSLeay CPAN distribution.

Report information
The Basics
Id: 64054
Status: resolved
Priority: 0/
Queue: Crypt-SSLeay

Owner: nanis [...] runu.moc.invalid
Requestors: chris [...]

Bug Information
Severity: Important
Broken in: 0.58
Fixed in: 0.59_02

Subject: SSL Proxied via HTTP "CONNECT" fails - fixed
Download (untitled) / with headers
text/plain 1.2k
When HTTPS_PROXY is set, an attempt to connect to an SSL server via Apache fails unpredictably. The problem is timing or load related. Cause: The proxy_connect_helper function assumes that the HTTP 200 reply and the remainder of the reply headers will arrive in a single packet - but this may not be the case if system or network load is high. In this case, only the first line of the headers are removed from the input stream, leaving the remaining lines in the stream. These "left over" lines are not a good SSL formatted data stream - so the connection later fails. Solution: change the code in to ensure that the complete HTTP response header is consumed, using something like.. $connect_string .= $CRLF; $self->SUPER::send($connect_string); my $header = ""; while ($header !~ m/\r\n\r\n$/s) { my $h = ""; my $n = $self->SUPER::sysread($h, 8192); last unless ($n); $header .= $h; } my $conn_ok = ($header =~ /HTTP\/\d+\.\d+\s+200\s+/is) ? 1 : 0; Instead of the existing... $connect_string .= $CRLF; $self->SUPER::send($connect_string); my $header; my $n = $self->SUPER::sysread($header, 8192); my $conn_ok = ($header =~ /HTTP\/\d+\.\d+\s+200\s+/is) ? 1 : 0;
Download (untitled) / with headers
text/plain 337b
Please take a look at 0.59_01 available on CPAN now at <> and see if it resolves this issue. I went about a different way, and tried to handle incomplete reads/writes more in accordance with the recommendations of the OpenSSL documentation in SSLeay.xs. Thank you for your patience. -- Sinan

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to