SSL connection drop with large content, posted by HyonSan Seo on Mon Aug 10 07:56:43 2020
|
Dear all,
I had some difficulty to upload large files (>20MB) with SSL connection. I think it is also related to https://elog.psi.ch/elogs/Forum/68636
During debuging, I found that, when uploading large files, ssl connection is dropped since 'SSL_read' function returns -1.
But it doesn't alway mean broken connection. It may be "SSL_ERROR_WANT_READ".
I changed the "server_loop" function in the source code to "continue" when it is SSL_ERROR_WANT_READ. And it fixed the problem.
Here is my code.
## elogd.c "server_loop" function L30031
if (FD_ISSET(_sock, &readfds)) {
#ifdef HAVE_SSL
if (_ssl_flag){
i = SSL_read(_ssl_con, net_buffer + len, net_buffer_size - len);
if(i<=0){
int ssl_error=SSL_get_error(_ssl_con,i); ## check ssl error code
if(ssl_error==SSL_ERROR_WANT_READ||ssl_error==SSL_ERROR_WANT_WRITE) continue; ## if ssl wants more, continue
}
}
else
#endif
i = recv(_sock, net_buffer + len, net_buffer_size - len, 0);
I am ignorant about networking. Some experts on ssl connection would know a better way to deal with this problem.
Best,
HyonSan Seo
|
Re: SSL connection drop with large content, posted by Stefan Ritt on Mon Aug 10 08:33:42 2020
|
Your solution sounds quite good, I will incorporate them in the distribution.
Stefan
| HyonSan Seo wrote: |
|
Dear all,
I had some difficulty to upload large files (>20MB) with SSL connection. I think it is also related to https://elog.psi.ch/elogs/Forum/68636
During debuging, I found that, when uploading large files, ssl connection is dropped since 'SSL_read' function returns -1.
But it doesn't alway mean broken connection. It may be "SSL_ERROR_WANT_READ".
I changed the "server_loop" function in the source code to "continue" when it is SSL_ERROR_WANT_READ. And it fixed the problem.
Here is my code.
## elogd.c "server_loop" function L30031
if (FD_ISSET(_sock, &readfds)) {
#ifdef HAVE_SSL
if (_ssl_flag){
i = SSL_read(_ssl_con, net_buffer + len, net_buffer_size - len);
if(i<=0){
int ssl_error=SSL_get_error(_ssl_con,i); ## check ssl error code
if(ssl_error==SSL_ERROR_WANT_READ||ssl_error==SSL_ERROR_WANT_WRITE) continue; ## if ssl wants more, continue
}
}
else
#endif
i = recv(_sock, net_buffer + len, net_buffer_size - len, 0);
I am ignorant about networking. Some experts on ssl connection would know a better way to deal with this problem.
Best,
HyonSan Seo
|
|
|
Re: SSL does not work, posted by Stefan Ritt on Wed Aug 26 20:41:50 2020
|
Today I succeeded with the help of L.JR to produce a new RPM which contains SSL, KRB5, PAM and LDAP support. It's uploaded to https://elog.psi.ch/elog/download/RPMS/elog-3.1.4-2.el7.x86_64.rpm
| Hisataka YOSHIDA wrote: |
|
Dear Stefan,
Thank you for your comment. I successfuly compiled the latest elog from source code, and now elogd could work with SSL.
In fact, I reported the case of installation with rpm file. Maybe, the latest elog rpm doesn't support SSL, I guess.
The installtion with rpm file is easier to build the common environment, so I hope the next rpm will support the SSL.
best regards,
Hisataka YOSHIDA
| Stefan Ritt wrote: |
|
When you compile elog from the soruces, you need the OpenSSL library to be installed. The CMake build process will then find it and include it in the compile process. When you use the "make" build process, you have to make sure that SSL is enabled there:
USE_SSL = 1
To install the OpenSSL library, you can do on most systems something like "sudo yum install openssl-dev" or "sudo apt-get install openssl-dev"
/Stefan
| Hisataka YOSHIDA wrote: |
|
Hello.
I installed the latest elog (3.1.4-2) in CentOS 7, and it is working well without SSL.
When I enalbled SSL option (SSL = 1) in the "elogd.cfg", and tried to start the elogd, the message below was shown and failed to run.
SSL support not compiled into elogd
If I switched the elog to older one (3.1.4-1), I could successeed to run the elogd with SSL option.
Is there any other option required in the latest elog to run with SSL? Or is this bug in the latest version?
Thank you,
Hisataka YOSHIDA
|
|
|
|
Bug report. "Submit" button misbehave, posted by Andrey on Tue Sep 22 18:54:04 2020
|
Hi.
I am an IT guy of the AMS collaboration at CERN. We have been using your wonderful elog software for about 10 years now. Thanks! It served us so well that I guess we never got in touch with you.
Recently we have upgraded it (probably for the first time in years) up to the version ELOG V3.1.4-4936b76.
Since then, we have a particular problem. And finally, I managed to reproduce it.
So, when I edit a record and click the "Submit" button it goes back to the summary view (as usual, as before) but it does not really save the entry. And it shows that the record is still being edited. I can actually click "back" in the browser and not to lose the modifications (otherwise, if I try to edit and steal the lock, it's lost).
I will try to figure out where the problem is coming from. The most verbose mode of the elog server I've found is just GET-POST lines, not helpful. Is there a debug mode?
Also, we ran httpd configured with the elogd as a virtual host (proxy).
Any help is very appreciated.
Cheers,
Andrey
|
|
SOLVED, posted by Andrey on Wed Sep 23 11:51:57 2020
|
Hi again. We have solved our problem!
It was caused by a non-defined mod_auth_openidc configuration parameter:
# Interval in seconds after which the session will be invalidated when no interaction has occurred.
# When not defined, the default is 300 seconds.
#OIDCSessionInactivityTimeout <seconds>
As a guess... This somehow makes elogd to forget a user who is editing an entry. And then, clicking "Submit" button makes elogd to start a new session?
| Andrey wrote: |
|
Hi.
I am an IT guy of the AMS collaboration at CERN. We have been using your wonderful elog software for about 10 years now. Thanks! It served us so well that I guess we never got in touch with you.
Recently we have upgraded it (probably for the first time in years) up to the version ELOG V3.1.4-4936b76.
Since then, we have a particular problem. And finally, I managed to reproduce it.
So, when I edit a record and click the "Submit" button it goes back to the summary view (as usual, as before) but it does not really save the entry. And it shows that the record is still being edited. I can actually click "back" in the browser and not to lose the modifications (otherwise, if I try to edit and steal the lock, it's lost).
I will try to figure out where the problem is coming from. The most verbose mode of the elog server I've found is just GET-POST lines, not helpful. Is there a debug mode?
Also, we ran httpd configured with the elogd as a virtual host (proxy).
Any help is very appreciated.
Cheers,
Andrey
|
|
Loose of Data, posted by Lahreche Abdelmadjid on Sun Sep 27 16:03:48 2020
|
Hi,
Since few days I Notice that I've some data who disappear from ELOG (software).
I find them on ELog/Logbooks, but can't view them in the application ELOG !
Is there a solution ?
Thanks. |
|
Re: Loose of Data, posted by Lahreche Abdelmadjid on Sun Sep 27 16:10:06 2020
|
Oh! I can view all data but only from the PC where ELOG is Installed !
From the other PC data missed.
| Lahreche Abdelmadjid wrote: |
|
Hi,
Since few days I Notice that I've some data who disappear from ELOG (software).
I find them on ELog/Logbooks, but can't view them in the application ELOG !
Is there a solution ?
Thanks.
|
|
|
Re: Loose of Data, posted by Lahreche Abdelmadjid on Sun Sep 27 16:40:16 2020
|
The solution is in the reindex
| Lahreche Abdelmadjid wrote: |
|
Oh! I can view all data but only from the PC where ELOG is Installed !
From the other PC data missed.
| Lahreche Abdelmadjid wrote: |
|
Hi,
Since few days I Notice that I've some data who disappear from ELOG (software).
I find them on ELog/Logbooks, but can't view them in the application ELOG !
Is there a solution ?
Thanks.
|
|
|
|