headers
Ryan McIntosh | 6 Apr 2010 15:53
Picon

Re: Sporadic SSL Bad signature Error

Still having this error about twice a day.  I put a cron job in place to restart the server hourly since selenium testing for the failure proved less stable than the server itself - too many false positives.  Alas, the restart is less than ideal as we're dropping several hundred connections during peak times.

Even with an hourly restart, this error is still occuring sporadically.  Once further piece of information I didn't realize may be significant before is that I have not configured DH parameters.  I'm not sure if they're at all necessary as SSL was still working and I've never had to do this with any other webserver.  Are the DH parameters are used for generating the session keys?  Perhaps creating DH parameter files will do something for me?  I will test and write back.

Ryan

_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee
Permalink | Reply | 1 comment |
headers
Tony Zakula | 6 Apr 2010 15:58
Picon

Webdav Support?

Hi,


I just heard of Cherokee and was excited about trying it.  I noticed a while back it was mentioned that webdav support was planned.  Has there been any progress on that?  It is something I need in my stack so to speak.  I think the coolest feature is your ssl hints.  I have not found that any where else.  I have been using Sun Web Server and they are talking about adding that.

Thanks,

TonyZ
_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee
Permalink | Reply | 2 comments |
headers
Jędrzej Nowak | 6 Apr 2010 16:21
Picon
Favicon

Re: Webdav Support?

Hey!

WebDav support will be in Cherokee in the end of July ( max ).

Maybe partial support in May ( before summit ).

The progress... uhum... The development started... nothing more :D

Pozdrawiam
Jędrzej Nowak

On Tue, Apr 6, 2010 at 4:58 PM, Tony Zakula <tonyzakula <at> gmail.com> wrote:
> Hi,
> I just heard of Cherokee and was excited about trying it.  I noticed a while
> back it was mentioned that webdav support was planned.  Has there been any
> progress on that?  It is something I need in my stack so to speak.  I think
> the coolest feature is your ssl hints.  I have not found that any where
> else.  I have been using Sun Web Server and they are talking about adding
> that.
> Thanks,
> TonyZ
> _______________________________________________
> Cherokee mailing list
> Cherokee <at> lists.octality.com
> http://lists.octality.com/listinfo/cherokee
>
>
_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee
Permalink | Reply | 1 comment |
headers
Tony Zakula | 6 Apr 2010 16:32
Picon

Re: Webdav Support?

Thanks!  I plan to try it out.  I just have the need for webdav in a small specific purpose stack I am putting together.  I am excited about trying to switch to Cherokee from Sun.  The control panel is a really nice feature.


TonyZ 

2010/4/6 Jędrzej Nowak <me <at> pigmej.eu>
Hey!

WebDav support will be in Cherokee in the end of July ( max ).

Maybe partial support in May ( before summit ).

The progress... uhum... The development started... nothing more :D

Pozdrawiam
Jędrzej Nowak



On Tue, Apr 6, 2010 at 4:58 PM, Tony Zakula <tonyzakula <at> gmail.com> wrote:
> Hi,
> I just heard of Cherokee and was excited about trying it.  I noticed a while
> back it was mentioned that webdav support was planned.  Has there been any
> progress on that?  It is something I need in my stack so to speak.  I think
> the coolest feature is your ssl hints.  I have not found that any where
> else.  I have been using Sun Web Server and they are talking about adding
> that.
> Thanks,
> TonyZ
> _______________________________________________
> Cherokee mailing list
> Cherokee <at> lists.octality.com
> http://lists.octality.com/listinfo/cherokee
>
>

_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee
Permalink | Reply | 0 comments |
headers
Alvaro Lopez Ortega | 6 Apr 2010 16:46
Favicon
Gravatar

Re: Sporadic SSL Bad signature Error

On 06/04/2010, at 15:53, Ryan McIntosh wrote:

> Even with an hourly restart, this error is still occuring sporadically.  Once further piece of
information I didn't realize may be significant before is that I have not configured DH parameters.  I'm
not sure if they're at all necessary as SSL was still working and I've never had to do this with any other
webserver.  Are the DH parameters are used for generating the session keys?  Perhaps creating DH parameter
files will do something for me?

The DH parameters file does not have anything to do with the problem, I'm quite sure about that.

I still believe that the problem is somehow related to keep-alive, unfinished connections, bad
content-lenght and/or bad content-encoding.

> I will test and write back.

Thanks for all the finding and reports!

--
Octality
http://www.octality.com/
Permalink | Reply | 0 comments |
headers
Ryan McIntosh | 7 Apr 2010 14:31
Picon

Re: Sporadic SSL Bad signature Error

Since I turned off gzip encoding in the config this problem hasn't reared it's head yet.  I'll let it run like this for another couple of days for a longer term test, but this seems promising.

I realized something last night though that I am slapping myself for not flagging earlier.  This configuration uses virtual hosts.  The SSL_BAD_SIGNATURE error only occurs on one virtual host when it happens.  It's not always the same one.  Sometimes it's admin.bestbridalprices.com and sometimes it's www.bestbridalprices.com  I've never seen it on any other virtual host.  The configuration is not using a wildcard ssl certificate - the non www virtual hosts are for internal use only.

Since some virtual hosts work fine when the problem is occuring on another, it leads me to believe that whatever error is occuring AFTER the SSL handshake and at least before the http-host header is sent - possibly after.  The problem is arising during the HTTP portion of the communication.  Definately a significant clue.  It is no wonder openssl s_client wasn't producing any meaningful errors but for the one time.  It makes me wonder if the error I did see the once was unrelated.

Ryan

On Tue, Apr 6, 2010 at 12:05 PM, Ryan McIntosh <thebigslide <at> gmail.com> wrote:
You're correct.  Adding the DH Parameter files did not resolve anything.  I just had to restart the server again.

Anything else I can try?

Alvaro, you mention bad content-length and/or bad content-encoding.  I'll try disabling gzip. 

When cherokee calculates content-length, does it consider encodings, or does it just count bytes?  I'm not familiar enough with HTTP to know if that's a dumb question or not.

Ryan


On Tue, Apr 6, 2010 at 9:46 AM, Alvaro Lopez Ortega <alvaro <at> octality.com> wrote:
On 06/04/2010, at 15:53, Ryan McIntosh wrote:

> Even with an hourly restart, this error is still occuring sporadically.  Once further piece of information I didn't realize may be significant before is that I have not configured DH parameters.  I'm not sure if they're at all necessary as SSL was still working and I've never had to do this with any other webserver.  Are the DH parameters are used for generating the session keys?  Perhaps creating DH parameter files will do something for me?

The DH parameters file does not have anything to do with the problem, I'm quite sure about that.

I still believe that the problem is somehow related to keep-alive, unfinished connections, bad content-lenght and/or bad content-encoding.

> I will test and write back.

Thanks for all the finding and reports!


_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee
Permalink | Reply | 1 comment |
headers
Alvaro Lopez Ortega | 7 Apr 2010 14:48
Favicon
Gravatar

Re: Sporadic SSL Bad signature Error

Hi Ryan,

That is REALLY interesting.  Could you please check whether the problem shows up if you access different
virtual servers from the same browser?

On 07/04/2010, at 14:31, Ryan McIntosh wrote:

> Since I turned off gzip encoding in the config this problem hasn't reared it's head yet.  I'll let it run like
this for another couple of days for a longer term test, but this seems promising.
> 
> I realized something last night though that I am slapping myself for not flagging earlier.  This
configuration uses virtual hosts.  The SSL_BAD_SIGNATURE error only occurs on one virtual host when it
happens.  It's not always the same one.  Sometimes it's admin.bestbridalprices.com and sometimes it's
www.bestbridalprices.com  I've never seen it on any other virtual host.  The configuration is not using a
wildcard ssl certificate - the non www virtual hosts are for internal use only.
> 
> Since some virtual hosts work fine when the problem is occuring on another, it leads me to believe that
whatever error is occuring AFTER the SSL handshake and at least before the http-host header is sent -
possibly after.  The problem is arising during the HTTP portion of the communication.  Definately a
significant clue.  It is no wonder openssl s_client wasn't producing any meaningful errors but for the one
time.  It makes me wonder if the error I did see the once was unrelated.
> 
> Ryan
> 
> On Tue, Apr 6, 2010 at 12:05 PM, Ryan McIntosh <thebigslide <at> gmail.com> wrote:
> You're correct.  Adding the DH Parameter files did not resolve anything.  I just had to restart the server again.
> 
> Anything else I can try?
> 
> Alvaro, you mention bad content-length and/or bad content-encoding.  I'll try disabling gzip.  
> 
> When cherokee calculates content-length, does it consider encodings, or does it just count bytes?  I'm
not familiar enough with HTTP to know if that's a dumb question or not.
> 
> Ryan
> 
> 
> On Tue, Apr 6, 2010 at 9:46 AM, Alvaro Lopez Ortega <alvaro <at> octality.com> wrote:
> On 06/04/2010, at 15:53, Ryan McIntosh wrote:
> 
> > Even with an hourly restart, this error is still occuring sporadically.  Once further piece of
information I didn't realize may be significant before is that I have not configured DH parameters.  I'm
not sure if they're at all necessary as SSL was still working and I've never had to do this with any other
webserver.  Are the DH parameters are used for generating the session keys?  Perhaps creating DH parameter
files will do something for me?
> 
> The DH parameters file does not have anything to do with the problem, I'm quite sure about that.
> 
> I still believe that the problem is somehow related to keep-alive, unfinished connections, bad
content-lenght and/or bad content-encoding.
> 
> > I will test and write back.
> 
> Thanks for all the finding and reports!
> 
> --
> Octality
> http://www.octality.com/
> 
> 
> 

--
Octality
http://www.octality.com/
Permalink | Reply | 0 comments |
headers
Henrique Carvalho Alves | 10 Apr 2010 00:23
Picon
Gravatar

File upload stalls: Django + FastCGI + threaded mode

I've sent a message to the list before about this problem, but I wasn't able to pinpoint the cause. Now I
believe I got it.

I have a Django app served with FastCGI to Cherokee, using threaded mode in order to avoid some database
issues. My daemon line is like this:

	python /storage/test/colibri/manage.py runfcgi protocol=fcgi socket=/tmp/test-fcgi.sock
pidfile=/tmp/test-fcgi.pid method=threaded debug=true

I have keep-alive and chunked encoding disabled. If I request a form page with an upload input, and right
after I try to upload a file (any file, doesn't matter the file size), it works fine. But, if I request the
form page, have the browser sit idle for sometime, and after that I try to initiate the upload, Cherokee
stalls on file uploading.

This happens regardless of my keep-alive configuration, but always happens if I'm using threaded mode.
With prefork, I don't see the issue.

Now, I don't believe this bug is related to Django itself, neither I should have this strange behaviour with
threaded mode. I'm considering it's something wrong on Cherokee, because the behaviour looks like a
keep-alive problem.

Unfortunately, I'm unable to debug more than this. I request if someone can please take a look at this issue
and try to reproduce it with a Django app (1.1) deployed the same way as me + Cherokee 0.99.44. Running
Django with prefork got it's share of problems already, so it's preferred to use it in threaded mode. Now I
can't use either, because either I got database problems, or I got those Cherokee file upload problems.

Thanks!
Permalink | Reply | 3 comments |
headers
Henrique Carvalho Alves | 10 Apr 2010 00:42
Picon
Gravatar

Re: File upload stalls: Django + FastCGI + threaded mode

Sorry: in fact, this also happens with prefork mode too.

The only consistent way I can reproduce this problem, is waiting before initiating the upload. Looks like
something wrong on Cherokee or the way I'm configuring it.

I look at the HTTP requests and they look fine. When the problem happens, I see it only transferred the first
few bytes, and then stalls. Tested on Firefox, Safari and Chrome.

I'm completely lost and have no idea how to debug any further. I really need some help on this one, or my only
solution is going back to Apache.

Thanks again!

Em 09/04/2010, às 19:23, Henrique Carvalho Alves escreveu:

> I've sent a message to the list before about this problem, but I wasn't able to pinpoint the cause. Now I
believe I got it.
> 
> I have a Django app served with FastCGI to Cherokee, using threaded mode in order to avoid some database
issues. My daemon line is like this:
> 
> 	python /storage/test/colibri/manage.py runfcgi protocol=fcgi socket=/tmp/test-fcgi.sock
pidfile=/tmp/test-fcgi.pid method=threaded debug=true
> 
> I have keep-alive and chunked encoding disabled. If I request a form page with an upload input, and right
after I try to upload a file (any file, doesn't matter the file size), it works fine. But, if I request the
form page, have the browser sit idle for sometime, and after that I try to initiate the upload, Cherokee
stalls on file uploading.
> 
> This happens regardless of my keep-alive configuration, but always happens if I'm using threaded mode.
With prefork, I don't see the issue.
> 
> Now, I don't believe this bug is related to Django itself, neither I should have this strange behaviour
with threaded mode. I'm considering it's something wrong on Cherokee, because the behaviour looks like a
keep-alive problem.
> 
> Unfortunately, I'm unable to debug more than this. I request if someone can please take a look at this issue
and try to reproduce it with a Django app (1.1) deployed the same way as me + Cherokee 0.99.44. Running
Django with prefork got it's share of problems already, so it's preferred to use it in threaded mode. Now I
can't use either, because either I got database problems, or I got those Cherokee file upload problems.
> 
> Thanks!
Permalink | Reply | 2 comments |
headers
mario alejandro | 10 Apr 2010 20:32
Favicon
Gravatar

Can't compile in Joyent/OpenSolaris (make hang)

I'm trying to replace apache with cherokee, and in the "make" step the
process hang forever. I get the last snapshot and follow the unix
installation steps.

What I can do?

--

-- 
Mario A.Montoya
Gerente
http://www.elmalabarista.com
Permalink | Reply | 2 comments |

Gmane