[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: [PATCH] disable keep alive connections when using SSL
From:       "Dawit A." <adawit () kde ! org>
Date:       2002-03-31 18:19:25
[Download RAW message or body]

On Saturday 30 March 2002 17:37, Waldo Bastian wrote:
> On Saturday 30 March 2002 02:03 pm, Dawit A. wrote:
> > On Saturday 30 March 2002 10:30, Matthias Welwarsky wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Hi,
> > >
> > > there seems to be a bug in openssl so that it returns "ok" when you
> > > call SSL_write() on a socket closed by the remote host. This breaks
> > > http POST requests when using keep alive connections.
> > >
> > > This patch disables the keep alive when SSL is in use.
> > > ok to commit?
> >
> > Okay here is my patch modified so that is disables persistent SSL
> > connection as a workaround (only for performarance reasons) as well as
> > fixes the bug in kio_http that caused the SSL_write bug to be noticeable
> > to begin with. The workaround is not really necessary with my fix for
> > kio_http anymore. However, it saves us from multiple attempts to send the
> > data to the server so it is better to revert back to not doing persistent
> > SSL connection.
>
> Wrong fix. The problem is not SSL persistent connections, the problem is
> sending a POST request over a persistent connection. See e.g. RFC2616
> section 8.1.4:
>
>  "Non-idempotent methods or sequences MUST NOT be automatically retried,
>   although user agents MAY offer a human operator the choice of retrying
> the request(s)."
>
> I think the better solution would be to make sure that non-idempotent
> methods (basically everything but GET) should start a new connection.
>
> The current problem is not limited to https, but happens in http too, the
> only difference is that the detection for broken connections is rather
> unreliable in https so that we run into the problem more often with https,
> but the same can happen in http.

Regarding the patch.  It is not necessary to call httpCloseConnection from all 
those functions.  We can do the same thing in httpClose().

Regards,
Dawit A.
[prev in list] [next in list] [prev in thread] [next in thread]