From owner-apache@oss.sgi.com Wed Sep 12 13:32:58 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f8CKWwr18585 for apache-outgoing; Wed, 12 Sep 2001 13:32:58 -0700 Received: from pomfret.net (nobody@[208.3.174.161]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f8CKWue18582 for ; Wed, 12 Sep 2001 13:32:57 -0700 Received: from webmaster1 (cz-cblk-150-12-150.cyberzone.net [209.150.12.150]) by pomfret.net with ESMTP id QAA13133 for ; Wed, 12 Sep 2001 16:32:57 -0400 Date: Wed, 12 Sep 2001 16:39:11 -0400 From: Brian Curtis X-Mailer: The Bat! (v1.53d) Business Reply-To: Brian Curtis Organization: Pomfret Computer Technologies, LLC X-Priority: 3 (Normal) Message-ID: <151513674504.20010912163911@pomfret.net> To: apache@oss.sgi.com Subject: Apache 1.3.20: 10X and mod_ssl 2.8.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-apache@oss.sgi.com Precedence: bulk Any results of this combination/process documented somehwere? I've had great success not including mod_ssl. I've also tried my best to incorporate all the mod_ssl patches by hand after 10x, but still ran into a few problems -- especially with the way the 10x patches modified buff.c. ~750 requests per second (ssl, no 10x - ab) compared to 3000+ requests per second (non-ssl, x10 - ab) is a performance gap I'd like to close a bit it at all possible. All suggestions welcome and appreciated. -- Best regards, Brian Curtis From owner-apache@oss.sgi.com Wed Sep 12 14:09:09 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f8CL99N19620 for apache-outgoing; Wed, 12 Sep 2001 14:09:09 -0700 Received: from rj.sgi.com (rj.sgi.com [204.94.215.100]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f8CL98e19617 for ; Wed, 12 Sep 2001 14:09:08 -0700 Received: from trudge.engr.sgi.com (trudge.engr.sgi.com [163.154.38.51]) by rj.sgi.com (8.11.4/8.11.4/linux-outbound_gateway-1.0) with ESMTP id f8CL93500854 for ; Wed, 12 Sep 2001 14:09:03 -0700 Received: (from mja@localhost) by trudge.engr.sgi.com (980427.SGI.8.8.8/970903.SGI.AUTOCF) id OAA34014; Wed, 12 Sep 2001 14:07:47 -0700 (PDT) From: mja@trudge.engr.sgi.com (Mike Abbott) Message-Id: <200109122107.OAA34014@trudge.engr.sgi.com> Subject: Re: Apache 1.3.20: 10X and mod_ssl 2.8.4 To: bcurtis@pomfret.net Date: Wed, 12 Sep 2001 14:07:47 -0700 (PDT) Cc: apache@oss.sgi.com In-Reply-To: <151513674504.20010912163911@pomfret.net> from "Brian Curtis" at Sep 12, 2001 04:39:11 PM X-Mailer: ELM [version 2.5 PL2] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-apache@oss.sgi.com Precedence: bulk Apply the 10x patch first, then the mod_ssl patch. Identify the conflicts. For each conflict, examine the corresponding parts of the 10x patch and mod_ssl patches individually to determine the reason each changed that code. Then merge the conflicts by hand. For example, the 10x patches rewrite sections of buff.c to make better use of writev. The mod_ssl patches modify the same sections to redirect network I/O system calls through ssl wrappers. These conflict, and the answer is to edit the code yourself to honor the intent of both patches. Where 10x changes write to writev, you must change the mod_ssl modification similarly. I recall there being only one or two places requiring any thought. The rest should be fairly straightforward. -- Michael J. Abbott mja@sgi.com www.repbot.org/mike From owner-apache@oss.sgi.com Wed Sep 12 14:53:22 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f8CLrM420807 for apache-outgoing; Wed, 12 Sep 2001 14:53:22 -0700 Received: from pomfret.net (nobody@[208.3.174.161]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f8CLrHe20803 for ; Wed, 12 Sep 2001 14:53:17 -0700 Received: from webmaster1 (cz-cblk-150-12-150.cyberzone.net [209.150.12.150]) by pomfret.net with ESMTP id RAA16828; Wed, 12 Sep 2001 17:52:56 -0400 Date: Wed, 12 Sep 2001 17:59:10 -0400 From: Brian Curtis X-Mailer: The Bat! (v1.53d) Business Organization: Pomfret Computer Technologies, LLC X-Priority: 3 (Normal) Message-ID: <80518472774.20010912175910@pomfret.net> To: mja@trudge.engr.sgi.com ((Mike Abbott)) CC: apache@oss.sgi.com Subject: Re[2]: Apache 1.3.20: 10X and mod_ssl 2.8.4 In-Reply-To: <200109122107.OAA34014@trudge.engr.sgi.com> References: <200109122107.OAA34014@trudge.engr.sgi.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-apache@oss.sgi.com Precedence: bulk Hello Mike, Wednesday, September 12, 2001, 5:07:47 PM, you wrote: MA> Apply the 10x patch first, then the mod_ssl patch. Identify the MA> conflicts. For each conflict, examine the corresponding parts of the MA> 10x patch and mod_ssl patches individually to determine the reason each MA> changed that code. Then merge the conflicts by hand. These are the steps I took, as documented by the 10x faq and mailing list archives. MA> For example, the 10x patches rewrite sections of buff.c to make better MA> use of writev. The mod_ssl patches modify the same sections to MA> redirect network I/O system calls through ssl wrappers. These conflict, MA> and the answer is to edit the code yourself to honor the intent of both MA> patches. Where 10x changes write to writev, you must change the mod_ssl MA> modification similarly. Not being a Linux programmer, I can only go on bits and pieces I pick here and there. The 10x buff.c changes really threw me for a loop. I couldn't / still can't figure out where to put the relevant mod_ssl changes (listed below) after the 10x patch got through with it. + #ifdef EAPI + if (!ap_hook_call("ap::buff::writev", &rv, fb, &vec[i], nvec -i)) + #endif /* EAPI */ The function these lines were supposed to be placed in was completely changed to all of one line by 10x. These are the problems I'm trying to overcome at the moment: buff.c: In function `writev_it_all': buff.c:1113: `rv' undeclared (first use in this function) buff.c:1113: (Each undeclared identifier is reported only once buff.c:1113: for each function it appears in.) buff.c:1113: `i' undeclared (first use in this function) buff.c:1116: warning: control reaches end of non-void function Totally lost here. Tried moving the three mod_ssl lines around w/o success. Also tried renaming &rv to &rval which didn't help. Obviously I haven't found the magic position and/or modifications for these lines. MA> I recall there being only one or two places requiring any thought. The MA> rest should be fairly straightforward. Yes, I had figured the same. By comparing the original sources and both 10x and mod_ssl patches, everything seemed pretty simple to fold in -- except the mod_ssl buff.c related modifications. Thanks for the response. -- Best regards, Brian Curtis From owner-apache@oss.sgi.com Tue Sep 25 13:26:42 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f8PKQg301854 for apache-outgoing; Tue, 25 Sep 2001 13:26:42 -0700 Received: from rj.sgi.com (rj.SGI.COM [204.94.215.100]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f8PKQeD01850 for ; Tue, 25 Sep 2001 13:26:40 -0700 Received: from yog-sothoth.sgi.com (eugate.neu.sgi.com [144.253.131.5]) by rj.sgi.com (8.11.4/8.11.4/linux-outbound_gateway-1.0) with ESMTP id f8PKQYL05729 for <@rj.corp.sgi.com:apache@oss.sgi.com>; Tue, 25 Sep 2001 13:26:34 -0700 Received: from trudge.engr.sgi.com (trudge.engr.sgi.com [163.154.38.51]) by yog-sothoth.sgi.com (980305.SGI.8.8.8-aspam-6.2/980304.SGI-aspam-europe) via ESMTP id WAA1120716 for ; Tue, 25 Sep 2001 22:26:30 +0200 (CEST) mail_from (mja@trudge.engr.sgi.com) Received: (from mja@localhost) by trudge.engr.sgi.com (980427.SGI.8.8.8/970903.SGI.AUTOCF) id NAA75517 for apache@oss.sgi.com; Tue, 25 Sep 2001 13:25:14 -0700 (PDT) From: mja@trudge.engr.sgi.com (Mike Abbott) Message-Id: <200109252025.NAA75517@trudge.engr.sgi.com> Subject: Re: Re[2]: Apache 1.3.20: 10X and mod_ssl 2.8.4 To: apache@oss.sgi.com Date: Tue, 25 Sep 2001 13:25:13 -0700 (PDT) In-Reply-To: <80518472774.20010912175910@pomfret.net> from "Brian Curtis" at Sep 12, 2001 05:59:10 PM X-Mailer: ELM [version 2.5 PL2] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-apache@oss.sgi.com Precedence: bulk A merge of accelerated Apache/1.3.20 and mod_ssl 2.8.4 is now available for your reference. You still need to download all the components and follow mod_ssl's instructions. The merge is simply to help resolve the patch conflicts. Hope this helps. http://oss.sgi.com/projects/apache/patchinfo-1.3.20.html#ssl -- Michael J. Abbott mja@sgi.com www.repbot.org/mike From owner-apache@oss.sgi.com Wed Sep 26 08:54:04 2001 Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f8QFs4h23974 for apache-outgoing; Wed, 26 Sep 2001 08:54:04 -0700 Received: from pomfret.net (nobody@[208.3.174.161]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f8QFs0D23970 for ; Wed, 26 Sep 2001 08:54:00 -0700 Received: from webmaster1 (cz-cblk-150-16-229.cyberzone.net [209.150.16.229]) by pomfret.net with ESMTP id LAA28588 for ; Wed, 26 Sep 2001 11:54:00 -0400 Date: Wed, 26 Sep 2001 12:01:10 -0400 From: Brian Curtis X-Mailer: The Bat! (v1.53d) Business Organization: Pomfret Computer Technologies, LLC X-Priority: 3 (Normal) Message-ID: <80741192248.20010926120110@pomfret.net> To: apache@oss.sgi.com Subject: Re[4]: Apache 1.3.20: 10X and mod_ssl 2.8.4 In-Reply-To: <200109252025.NAA75517@trudge.engr.sgi.com> References: <200109252025.NAA75517@trudge.engr.sgi.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-apache@oss.sgi.com Precedence: bulk (I had inadvertently sent this directly to Mike. Apologies.) Hello Mike, Tuesday, September 25, 2001, 4:25:13 PM, you wrote: MA> A merge of accelerated Apache/1.3.20 and mod_ssl 2.8.4 is now available MA> for your reference. You still need to download all the components and MA> follow mod_ssl's instructions. The merge is simply to help resolve the MA> patch conflicts. Hope this helps. The effort is very much appreciated! However, the patched version compiles fine, but is very unstable for me on a RHL 7.1 x86 box (all updates). The logs show "successful" negotiation and content serving to the client. No error messages, no segfaults, no core dumps. The problem I'm seeing seems to be some sort of an unexpected / early disconnection of the browser from the webserver. I've tried IE & NS 6 (SSLv3) on WIN2k and Mozilla (TLSv1) & Konqueror 2.1.1 (SSLv3) under X11 (same box the webserver resides on). For example, the initial "You succeeded in installing the software" screen loads fine on all browsers that I've tried. Going beyond that is pot-luck. NS6 can't get beyond that page (no errors, just doesn't move when you click on a link). IE 6 can only get to chapter 3 of the mod_ssl manual and bits of the apache manual (rest produce the infamous MS "DNS Error". Mozilla can't get beyond the initial page (same as NS6). Neither can Konqueror (which reports "connection to host is broken" when trying to proceed beyond initial page). All browsers are properly served a 404 or 400 error page. I've tried compiling against the pre-installed RH OpenSSL libraries, and also against freshly downloaded / configured v0.9.6b sources. Doesn't seem to make a difference. Compiling w/o the 10x patches produces a fully working mod_ssl enabled server, and the exact same logfile content (!). I'm following the mod_ssl instructions exactly, including mm-1.1.3. Any ideas where I'm going wrong? -- Best regards, Brian Curtis