[ic] Mod Interchange and Netscape
Dan Browning
interchange-users@icdevgroup.org
Mon Jun 24 19:55:00 2002
At 07:47 PM 6/20/2002 +0000, you wrote:
>On Thu, 20 Jun 2002 10:43:52 -0700 (PDT), interch wrote:
>
> >
> >
> >I found someone that had exactly this problem and posted it on the list.
> >Unfortunately I can't remember who it was since I found it on google.
> >
> >The problem is this. When using mod interchange netscape browsers only
> >get the first 7900 (aprox) bytes of data. The error in the apache logs is
> >this:
> >
> >[Sun Jun 16 08:03:57 2002] [error] access to /P1005240/order failed for
> >68.45.154.21, reason: error while sending response
> >[Sun Jun 16 08:04:19 2002] [error] mod_ssl: SSL error on writing data
> >(OpenSSL library error follows)
> >[Sun Jun 16 08:04:19 2002] [error] OpenSSL: error:1409F07F:SSL
> >routines:SSL3_WRITE_PENDING:bad write retry
>
>I can confirm this error, and it seems to be common with large pages of
>say 12 Kb or so.
>
> >This happens consistantly with Netscape, MSIE works fine. This is with IC
> >4.8.3 and the stock apache-modssl rpm that comes with redhat 7.2. WHen
> >using the cgi link the problem disappears.
>
>I'm not sure about it being only Nutscrape, though it's quite likely.
>However,
>it only seems to happen via the internet - using a local connection with
>everything on the same box this error never (for me) happens. The remote
>boxes are running Apache 1.3.23, OpenSSL 0.9.6c, IC 4.8.3. Locally, it's
>Apache 1.3.22, OpenSSL 0.9.6b, IC 4.8.3 (on OS/2, with a patch to define
>both SUN_LEN and inet_aton - these are defined in Linux but not OS/2.
>I can send you the patch if you're interested in trying a possibly different
>#define. I'll also try it and see what happens, though I suspect it's more
>likely to be latency issues)
>-
>Cheers
>Lyn St George
I too can confirm this error, as I and one other have already reported it
to the mailing list. The content of my archived post follows, but perhaps
the recently-committed work by Kevin Walsh on mod_interchange can be tested
for this issue as well.
Good luck, -Dan.
From: <dbml@kavod.com>
To: <interchange-users@ic.redhat.com>
Date: Fri, 22 Feb 2002 13:57:52 -0800
I'm reporting a problem with a workaround that has hit at least one
other person in the past (archive message below). Just in case others
have (or will) hit it, I'm posting the bug description here.
### Environment: ###
Red Hat 7.2, P-III 1.2, SCSI (dedicated server)
Apache/1.3.22
mod_ssl/2.8.5
OpenSSL/0.9.6b
+ IC 4.8.3 using mod_interchange
### Problem: ###
Mozilla (all versions, tested 0.9.8 and nightly 2/21/02) browsers only
get first 7,937 bytes when using mod_interchange, but work perfectly
when using a regular cgi-bin link.
Apache error_log:
[Fri Feb 22 13:26:51 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Fri Feb 22 13:26:51 2002] [error] OpenSSL:
error:1409F07F:lib(20):func(159):reason(127)
[Fri Feb 22 13:26:51 2002] [error] access to /ds/test_ssl.html failed
for 63.145.198.45, reason: error while sending response
(No Interchange error log)
### Work-around: ###
Use the cgi-bin link instead of mod_interchange.
I hope that helps someone. If anyone is using the above combination of
software and it is working with Mozilla, I would love to hear about it.
I'm happy with the workaround, but perhaps an enterprising someone will
find the druthers to fix it. :-)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Dan Browning, Sr. Tech Consultant
| Kavod Technologies, 1498 SE Tech Center Pl Ste 170
| Vancouver, WA 98683 <dan.browning@kavod.com>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If today is the first day of the rest of your life, what the hell was
yesterday?
(Posted by Scott Moat)
http://interchange.redhat.com/pipermail/interchange-users/2001-May/00803
4.html
> I am having a weird problem. I upgraded everything
> (interchange, linux,
> apache, ect.) and setup mod-interchange. But the check out button
> doesnt
> work on some systems. (like mine) It will work sometimes and it will
> always
> work when I use open link in new window. I appears like it
> tries a few
> times and then comes up I have tried this on a few other
> systems with IE
> and
> most of those will actually get to the checkout page and then get a
> different error. All of them that I have tried that have problems are
> either behind a firewall or my system is on through a proxy
> server. Any
> thoughts this is the error in the ssl-error.log
>
> [Sun May 13 20:19:59 2001] [error] mod_ssl: SSL error on writing data
> (OpenSSL library error follows)
> [Sun May 13 20:19:59 2001] [error] OpenSSL: error:1409F07F:SSL
> routines:SSL3_WRITE_PENDING:bad write retry
> [Sun May 13 20:19:59 2001] [error] access to
> /store/process.html failed
> for
> 192.168.0.16, reason: error while sending response
> [Sun May 13 20:19:59 2001] [error] (104)Connection reset by
> peer: access
> to
> /store/process.html failed for 192.168.0.16, reason: error sending
> headers
> to client
>
> it was suggested before that I may not have the ssl virtual
> server setup
> properly. i think it is but I am not 100% sure
>
> I seen this from Mike in an email message answering this
> question but I
> unfortunately need it to be laid out a little clearer. I have my own
> certificate. If I need to do the 3 steps, how do I do them I
> am still a
> newbie at all this.
>
> Thanks,
>
> Scott
>
>
> I have been dealing with this one for four years and I am still
> waiting...
> 8-)
>
> As far as I can tell, the problem is the splitting of the domains.
> There are situations with proxy servers, cookies, and such that cannot
> be dealt with to my knowledge.
>
> The best I have been able to come up with is:
>
> 1. Use "WideOpen Yes" (catalog.cfg) to ignore the
> host-qualification
> Accompany this with "SessionExpire 20 minutes" to make security
> better.
> 2. Use GET method on the basket form for transitioning to
> checkout.
> 3. Use the "Mall Yes" (minivend.cfg) directive to cover the case
> where people get cookies from more than one store on your servers.
>
> What really solves it is getting an SSL cert and keeping everything
> in the same domain. I strongly recommend this to my clients, telling
> them they will easily eat up the cost in consulting time and lost
> business. Trying to save $125 by not buying a cert is a very false
> economy.