
List:       kde-core-devel
Subject:    Re: [PATCH] disable keep alive connections when using SSL
From:       Waldo Bastian <bastian () kde ! org>
Date:       2002-03-30 22:37:45

On Saturday 30 March 2002 02:03 pm, Dawit A. wrote:
> On Saturday 30 March 2002 10:30, Matthias Welwarsky wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hi,
> >
> > there seems to be a bug in openssl so that it returns "ok" when you call
> > SSL_write() on a socket closed by the remote host. This breaks http POST
> > requests when using keep alive connections.
> >
> > This patch disables the keep alive when SSL is in use.
> > ok to commit?
>
> Okay here is my patch modified so that it disables persistent SSL
> connection as a workaround (only for performance reasons) as well as
> fixes the bug in kio_http that caused the SSL_write bug to be noticeable to
> begin with. The workaround is not really necessary with my fix for kio_http
> anymore. However, it saves us from multiple attempts to send the data to
> the server so it is better to revert back to not doing persistent SSL
> connection.

Wrong fix. The problem is not SSL persistent connections, the problem is 
sending a POST request over a persistent connection. See e.g. RFC2616 section 
8.1.4:

 "Non-idempotent methods or sequences MUST NOT be automatically retried,
  although user agents MAY offer a human operator the choice of retrying the
  request(s)."

I think the better solution would be to make sure that non-idempotent methods 
(basically everything but GET) should start a new connection. (Patch 
attached)

The current problem is not limited to https, but happens in http too, the only 
difference is that the detection for broken connections is rather unreliable 
in https so that we run into the problem more often with https, but the same 
can happen in http.

Cheers,
Waldo
-- 
bastian@kde.org  |   SuSE Labs KDE Developer  |  bastian@suse.com

["http_post.patch" (text/x-diff)]

Index: http.cc
===================================================================
RCS file: /home/kde/kdelibs/kioslave/http/http.cc,v
retrieving revision 1.471
diff -u -p -r1.471 http.cc
--- http.cc	2002/03/30 13:30:25	1.471
+++ http.cc	2002/03/30 22:36:33
@@ -920,6 +920,9 @@ void HTTPProtocol::mkdir( const KURL& ur
   m_request.cache = CC_Reload;
   m_request.doProxy = m_bUseProxy;
 
+  // Never use a keep-alive connection for MKDIR
+  httpCloseConnection();
+
   retrieveHeader( false );
 
   if ( m_responseCode == 201 )
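Review bot: the comment and call added before retrieveHeader( false ) in mkdir() are repeated verbatim, with only the method name changed, in every other hunk of this patch, so a method added later can easily miss the close. Consider doing the close in one place keyed on the request method, and have the comment say why the connection is dropped (the RFC 2616 section 8.1.4 retry rule) rather than only that it is.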
@@ -967,6 +970,9 @@ void HTTPProtocol::put( const KURL &url,
   m_request.cache = CC_Reload;
   m_request.doProxy = m_bUseProxy;
 
+  // Never use a keep-alive connection for PUT
+  httpCloseConnection();
+
   retrieveHeader( true );
 }
 
@@ -990,6 +996,9 @@ void HTTPProtocol::copy( const KURL& src
   m_request.cache = CC_Reload;
   m_request.doProxy = m_bUseProxy;
 
+  // Never use a keep-alive connection for COPY
+  httpCloseConnection();
+
   retrieveHeader( false );
 
   // The server returns a HTTP/1.1 201 Created or 204 No Content on successful completion
@@ -1019,6 +1028,9 @@ void HTTPProtocol::rename( const KURL& s
   m_request.cache = CC_Reload;
   m_request.doProxy = m_bUseProxy;
 
+  // Never use a keep-alive connection for MOVE
+  httpCloseConnection();
+
   retrieveHeader( false );
 
   if ( m_responseCode == 201 )
@@ -1041,6 +1053,9 @@ void HTTPProtocol::del( const KURL& url,
   m_request.cache = CC_Reload;
   m_request.doProxy = m_bUseProxy;
 
+  // Never use a keep-alive connection for DELETE
+  httpCloseConnection();
+
   retrieveHeader( false );
 
   // The server returns a HTTP/1.1 200 Ok or HTTP/1.1 204 No Content
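Review bot: the new comment in del() gives no reason for the close, and the reason given in the message (RFC 2616 section 8.1.4, non-idempotent methods) does not cover DELETE: RFC 2616 section 9.1.2 lists GET, HEAD, PUT and DELETE as idempotent. Either state a different reason here and in the put() hunk, or leave connection reuse in place for these two methods.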
@@ -1065,6 +1080,9 @@ void HTTPProtocol::post( const KURL& url
   m_request.cache = CC_Reload;
   m_request.doProxy = m_bUseProxy;
 
+  // Never use a keep-alive connection for POST
+  httpCloseConnection();
+
   retrieveContent();
 }
 
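Review bot: in post(), closing the connection before retrieveContent() removes the stale keep-alive socket, but nothing visible in this hunk stops the request from being resent if the send on the fresh connection fails. Please confirm that the retry path behind retrieveContent() does not resend a POST automatically, and reword the comment to say that the request starts on a new connection, since httpCloseConnection() by its name closes the current connection rather than changing keep-alive handling for the next one.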
@@ -1112,6 +1130,9 @@ void HTTPProtocol::davLock( const KURL& 
   // insert the document into the POST buffer
   m_bufPOST = lockReq.toCString();
 
+  // Never use a keep-alive connection for LOCK
+  httpCloseConnection();
+
   retrieveContent( true );
 
   if ( m_responseCode == 200 ) {
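Review bot: in davLock() the close is placed after m_bufPOST = lockReq.toCString(), whereas the other hunks call it right after the m_request fields are set. If httpCloseConnection() resets any request state, this ordering matters; move the call ahead of the buffer assignment or confirm that it leaves m_bufPOST untouched.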
@@ -1147,6 +1168,9 @@ void HTTPProtocol::davUnlock( const KURL
   m_request.query = QString::null;
   m_request.cache = CC_Reload;
   m_request.doProxy = m_bUseProxy;
+
+  // Never use a keep-alive connection for UNLOCK
+  httpCloseConnection();
 
   retrieveContent( true );
 

