ssl debugging

Brad Fitzpatrick brad at danga.com
Wed Apr 2 22:45:43 UTC 2008


On Wed, Apr 2, 2008 at 3:39 PM, Bill Moseley <moseley at hank.org> wrote:

> On Wed, Apr 02, 2008 at 03:14:09PM -0700, Ask Bjørn Hansen wrote:
> >
> > On Apr 2, 2008, at 15:06, Bill Moseley wrote:
> >
> > >That's where directory indexes work fine under SSL but fetching files
> > >returns the SSL error.
> >
> >
> > Eeek - my apologies, I'm obviously half asleep at the wheel here.  I
> > don't use the file serving mode in perlbal, sorry!
>
> No problem -- hidden config setting.
>
> Should I assume that SSL and the web_server role do not work together
> and move on?  I have an Apache running behind perlbal that can serve
> static content.


That is correct:  SSL only works for proxying, not for serving.

The problem is the web_server role proceeds to do a sendfile() right to the
raw socket, sending unencrypted data right onto the already-SSL-connected
socket, corrupting the stream.

Somebody should fix that.  :-)  At least make it a config error to try that.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.danga.com/pipermail/perlbal/attachments/20080402/3d1390ca/attachment.htm 


More information about the perlbal mailing list