From kde-core-devel Sun Mar 31 18:19:25 2002 From: "Dawit A." Date: Sun, 31 Mar 2002 18:19:25 +0000 To: kde-core-devel Subject: Re: [PATCH] disable keep alive connections when using SSL X-MARC-Message: https://marc.info/?l=kde-core-devel&m=101759923215364 On Saturday 30 March 2002 17:37, Waldo Bastian wrote: > On Saturday 30 March 2002 02:03 pm, Dawit A. wrote: > > On Saturday 30 March 2002 10:30, Matthias Welwarsky wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Hi, > > > > > > there seems to be a bug in openssl so that it returns "ok" when you > > > call SSL_write() on a socket closed by the remote host. This breaks > > > http POST requests when using keep alive connections. > > > > > > This patch disables the keep alive when SSL is in use. > > > ok to commit? > > > > Okay here is my patch modified so that is disables persistent SSL > > connection as a workaround (only for performarance reasons) as well a= s > > fixes the bug in kio_http that caused the SSL_write bug to be noticea= ble > > to begin with. The workaround is not really necessary with my fix for > > kio_http anymore. However, it saves us from multiple attempts to send= the > > data to the server so it is better to revert back to not doing persis= tent > > SSL connection. > > Wrong fix. The problem is not SSL persistent connections, the problem i= s > sending a POST request over a persistent connection. See e.g. RFC2616 > section 8.1.4: > > "Non-idempotent methods or sequences MUST NOT be automatically retried= , > although user agents MAY offer a human operator the choice of retryin= g > the request(s)." > > I think the better solution would be to make sure that non-idempotent > methods (basically everything but GET) should start a new connection. > > The current problem is not limited to https, but happens in http too, t= he > only difference is that the detection for broken connections is rather > unreliable in https so that we run into the problem more often with htt= ps, > but the same can happen in http. Regarding the patch. It is not necessary to call httpCloseConnection fro= m all=20 those functions. We can do the same thing in httpClose(). Regards, Dawit A.