Re: SSL SOAP::Transport::HTTP::Daemon Self-signed Certificates ???

  • Vipin Gupta
    Message 1 of 2 , Dec 22, 2005
      Hi,

      After spending hours trying to sort out the SSL timeout problem, I came
      to know that the problem lies in HTTP::Daemon::SSL. There is a call to
      "sysread" for reading the client request after the SSL handshake. This
      call tries to read 2048 bytes of data from the client. If the client is
      sending less than 2k of data, the server waits there & doesn't come out
      of the sysread call. While the client is waiting for a response from the
      server, the server gets stuck in the sysread call, which ultimately
      results in an SSL timeout.

      I have written a patch to solve this problem with HTTP::Daemon::SSL.



      cd /usr/lib/perl5/site_perl/5.6.0/HTTP/Daemon
      diff SSL.pm.orig SSL.pm

      172,173c172,195

      < my $n = sysread($self, $_[0], 2048, length($_[0]));

      < print STDERR sprintf("sysread() just \$n=%s\n",(defined
      $n?$n:'undef')) if $DEBUG;

      ---

      >#################################################################

      >##################### Patch starts here #########################

      > my ($x,$n);

      > my $lent=1;

      > while($lent<=2048)

      > {

      > eval {

      > local $SIG{ALRM} = sub{die "alarm\n"};

      > alarm(1);

      > $n = sysread($self,$x,1);

      > alarm(0);

      > $_[0] = "$_[0]"."$x";

      > $lent++;

      > };

      > if($@)

      > {

      >

      > last;

      > }

      > }

      > $n=$lent;

      >##################### Patch ends here #########################

      >#################################################################

      > print STDERR sprintf("sysread() just \$n=%s\n",(defined
      $n?$n:'undef')) if $DEBUG;
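
      Review bot: the assignment $n=$lent; after the loop throws away what
      sysread returned, so the caller can no longer see EOF (0) or an error
      (undef), and because $lent starts at 1 the reported count is one more
      than the number of bytes appended to $_[0]. When the peer has closed,
      sysread($self,$x,1) returns 0 at once, the loop still runs all 2048
      iterations and $n comes back as 2049. Check $n right after the sysread
      and leave the loop when it is undef or 0, and report the real byte
      count. The if($@) branch also treats every die as a timeout; compare $@
      with "alarm\n" and re-throw anything else. With alarm(1) armed per
      byte, every read that ends before 2048 bytes waits out a full second
      before the data is handed back.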





      After adding this patch, my SSL daemon & SSL SOAP client are
      communicating properly.

      I hope this will help & save your time.

      Cheers
      Vipin



      --- In soaplite@yahoogroups.com, vipin gupta <vipgup@y...> wrote:
      >
      > Hi,
      > I have modified SOAP::Transport::HTTP::Daemon to be used with SSL
      > as directed in previous group mails. I have added a new patch to
      > HTTP.pm so that it can support SSL for the daemon by using the
      > HTTP::Daemon::SSL Perl module.
      > I created self-signed certificates for server authentication.
      > I am running a SOAP HTTP daemon server at port 443. The server
      > code is as shown below:
      >
      >
      > #**********************************************************************
      > #*** SOAP Server
      > #!/usr/bin/perl
      > use SOAP::Lite;
      > use SOAP::Transport::HTTP;
      > use IO::Socket::SSL;
      > use HTTP::Daemon::SSL;
      >
      > SOAP::Transport::HTTP::Daemon
      >   -> new (ReuseAddr => 1, LocalAddr => '192.168.1.22',
      >           LocalPort => 443, Listen => 5, SSL_use_cert => 1,
      >           SSL_cert_file => '/usr/local/cvsw/server.crt',
      >           SSL_key_file => '/usr/local/cvsw/server.key')
      >   -> dispatch_to('cvs_service')
      >   -> handle;
      >
      > package cvs_service;
      >
      > sub getCvsConfig
      > {
      >     my $line = 1;
      >     my(@configFile);
      >     my $temp;
      >     if(!open(CONFIG, "/etc/cvsw.conf"))
      >     {
      >         qx{touch /etc/cvsw.conf};
      >         return "";
      >     }
      >     while($temp=<CONFIG>)
      >     {
      >         $configFile[$line]=$temp;
      >         $line++;
      >     }
      >     close(CONFIG);
      >     return @configFile;
      > }
      >
      > ## End of server code
      >
      > #**********************************************************************
      >
      > The Client code is as follows:
      >
      > #**********************************************************************
      > ## Client
      > #!/usr/bin/perl
      > use strict; # enforce variable declarations and quoting
      > use CGI qw(:standard);
      > use CGI::Cookie;
      > use Crypt::SSLeay;
      > use SOAP::Lite +trace => qw{trace debug};
      >
      > $ENV{HTTPS_DEBUG} = 1;
      > $ENV{HTTPS_VERSION} = '23';
      >
      > my $soap_response = SOAP::Lite
      >   -> uri('cvs_service')
      >   -> proxy("https://192.168.1.22")
      >   -> getCvsConfig();
      >
      > if($soap_response->fault)
      > {
      >     print($soap_response->faultcode,$soap_response->faultstring,$soap_response->faultdetail);
      > }
      > else
      > {
      >     print("Success");
      > }
      >
      > #**********************************************************************
      >
      > After running the server, when I run the client program in debug
      > mode, it runs as shown below:
      >
      > #**********************************************************************
      > ### Client output
      > #**********************************************************************
      >
      >
      > SOAP::Transport::new: ()
      > SOAP::Serializer::new: ()
      > SOAP::Deserializer::new: ()
      > SOAP::Parser::new: ()
      > SOAP::Lite::new: ()
      > SOAP::Transport::HTTP::Client::new: ()
      > SOAP::Lite::call: ()
      > SOAP::Serializer::envelope: ()
      > SOAP::Serializer::envelope: getCvsConfig
      > SOAP::Data::new: ()
      > SOAP::Data::new: ()
      > SOAP::Data::new: ()
      > SOAP::Data::new: ()
      > SOAP::Transport::HTTP::Client::send_receive: HTTP::Request=HASH(0x8427168)
      > SOAP::Transport::HTTP::Client::send_receive: POST https://192.168.1.22 HTTP/1.1
      > Accept: text/xml
      > Accept: multipart/*
      > Content-Length: 443
      > Content-Type: text/xml; charset=utf-8
      > SOAPAction: "cvs_service#getCvsConfig"
      >
      > <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope
      > xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
      > SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
      > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
      > xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
      > xmlns:xsd="http://www.w3.org/1999/XMLSchema"><SOAP-ENV:Body><namesp1:getCvsConfig
      > xmlns:namesp1="cvs_service"/></SOAP-ENV:Body></SOAP-ENV:Envelope>
      > SSL_connect:before/connect initialization
      > SSL_connect:SSLv2/v3 write client hello A
      > SSL_connect:SSLv3 read server hello A
      > SSL_connect:SSLv3 read server certificate A
      > SSL_connect:SSLv3 read server done A
      > SSL_connect:SSLv3 write client key exchange A
      > SSL_connect:SSLv3 write change cipher spec A
      > SSL_connect:SSLv3 write finished A
      > SSL_connect:SSLv3 flush data
      > SSL_connect:SSLv3 read finished A
      >
      > *** It waits here for some time, & comes out with a 500 SSL read
      > timeout response.......
      >
      > #**********************************************************************
      >
      > I have tried debugging it, but couldn't find the reason for this
      > kind of behaviour.
      >
      > Please help me if you can....
      >
      > regards
      > Vipin
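
One way to bound the post-handshake read without a per-byte alarm, as an added example that is not part of the original post or of HTTP::Daemon::SSL: wait for readability with a timeout, issue a single sysread, and report data, EOF, timeout and error separately. The function name read_available, the 0.2-second timeout and the local socketpair standing in for the client connection are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example, not HTTP::Daemon::SSL code. A local socketpair is a
# constructed stand-in for the accepted client connection.
use strict;
use warnings;
use Socket;
use IO::Select;
use IO::Socket::UNIX;

# Append up to $max bytes to the caller's buffer ($_[1]), waiting at most
# $timeout seconds. Returns (status, byte_count); status is one of
# 'data', 'eof', 'timeout' or 'error'. (Hypothetical helper name.)
sub read_available {
    my ($sock, undef, $max, $timeout) = @_;
    $_[1] = '' unless defined $_[1];

    # A TLS socket may hold decrypted bytes that select() cannot see.
    # IO::Socket::SSL reports them via pending(); plain sockets lack it.
    my $buffered = $sock->can('pending') ? $sock->pending : 0;
    unless ($buffered) {
        my @ready = IO::Select->new($sock)->can_read($timeout);
        return ('timeout', 0) unless @ready;
    }

    my $n = sysread($sock, $_[1], $max, length $_[1]);
    return ('error', 0) unless defined $n;   # $! holds the reason
    return ('eof', 0)   if $n == 0;          # peer closed the connection
    return ('data', $n);                     # real byte count, may be < $max
}

my ($server, $client) =
    IO::Socket::UNIX->socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC)
    or die "socketpair: $!";

my $buf;
my @cases = (
    [ 'idle client',   sub { } ],
    [ 'short request', sub { $client->syswrite("POST / HTTP/1.1\r\n\r\n") } ],
    [ 'client closed', sub { $client->close } ],
);
for my $case (@cases) {
    my ($label, $action) = @$case;
    $action->();
    my ($status, $n) = read_available($server, $buf, 2048, 0.2);
    printf "%-14s status=%-7s bytes=%d\n", $label, $status, $n;
}
```

The three constructed cases cover a client that sends nothing, a request shorter than the 2048-byte read size, and a client that has hung up, which are the outcomes a caller of the read has to tell apart.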