[ic] Mod Interchange and Netscape

Dan Browning interchange-users@icdevgroup.org
Mon Jun 24 19:55:00 2002


At 07:47 PM 6/20/2002 +0000, you wrote:
>On Thu, 20 Jun 2002 10:43:52 -0700 (PDT), interch wrote:
>
> >
> >
> >I found someone that had exactly this problem and posted it on the list.
> >Unfortunately I can't remember who it was since I found it on google.
> >
> >The problem is this.  When using mod interchange netscape browsers only
> >get the first 7900 (aprox) bytes of data.  The error in the apache logs is
> >this:
> >
> >[Sun Jun 16 08:03:57 2002] [error] access to /P1005240/order failed for
> >68.45.154.21, reason: error while sending response
> >[Sun Jun 16 08:04:19 2002] [error] mod_ssl: SSL error on writing data
> >(OpenSSL library error follows)
> >[Sun Jun 16 08:04:19 2002] [error] OpenSSL: error:1409F07F:SSL
> >routines:SSL3_WRITE_PENDING:bad write retry
>
>I can confirm this error, and it seems to be common with large pages of
>say 12 Kb or so.
>
> >This happens consistantly with Netscape, MSIE works fine.  This is with IC
> >4.8.3 and the stock apache-modssl rpm that comes with redhat 7.2.  WHen
> >using the cgi link the problem disappears.
>
>I'm not sure about it being only Nutscrape, though it's quite likely. 
>However,
>it only seems to happen via the internet - using a local connection with
>everything on the same box this error never (for me) happens. The remote
>boxes are running Apache 1.3.23, OpenSSL 0.9.6c, IC 4.8.3. Locally, it's
>Apache 1.3.22, OpenSSL 0.9.6b, IC 4.8.3 (on OS/2, with a patch to define
>both SUN_LEN and inet_aton - these are defined in Linux but not OS/2.
>I can send you the patch if you're interested in trying a possibly different
>#define. I'll also try it and see what happens, though I suspect it's more
>likely to be latency issues)
>-
>Cheers
>Lyn St George

I too can confirm this error, as I and one other have already reported it 
to the mailing list.  The content of my archived post follows, but perhaps 
the recently-committed work by Kevin Walsh on mod_interchange can be tested 
for this issue as well.

Good luck, -Dan.


From: <dbml@kavod.com>
To: <interchange-users@ic.redhat.com>
Date: Fri, 22 Feb 2002 13:57:52 -0800

I'm reporting a problem with a workaround that has hit at least one
other person in the past (archive message below). Just in case others
have (or will) hit it, I'm posting the bug description here.
### Environment: ###
Red Hat 7.2, P-III 1.2, SCSI (dedicated server)
Apache/1.3.22
mod_ssl/2.8.5
OpenSSL/0.9.6b
+ IC 4.8.3 using mod_interchange
### Problem: ###
Mozilla (all versions, tested 0.9.8 and nightly 2/21/02) browsers only
get first 7,937 bytes when using mod_interchange, but work perfectly
when using a regular cgi-bin link.
Apache error_log:
[Fri Feb 22 13:26:51 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Fri Feb 22 13:26:51 2002] [error] OpenSSL:
error:1409F07F:lib(20):func(159):reason(127)
[Fri Feb 22 13:26:51 2002] [error] access to /ds/test_ssl.html failed
for 63.145.198.45, reason: error while sending response
(No Interchange error log)
### Work-around: ###
Use the cgi-bin link instead of mod_interchange.
I hope that helps someone. If anyone is using the above combination of
software and it is working with Mozilla, I would love to hear about it.
I'm happy with the workaround, but perhaps an enterprising someone will
find the druthers to fix it. :-)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Dan Browning, Sr. Tech Consultant
| Kavod Technologies, 1498 SE Tech Center Pl Ste 170
| Vancouver, WA 98683 <dan.browning@kavod.com>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If today is the first day of the rest of your life, what the hell was
yesterday?
(Posted by Scott Moat)
http://interchange.redhat.com/pipermail/interchange-users/2001-May/00803
4.html
 > I am having a weird problem. I upgraded everything
 > (interchange, linux,
 > apache, ect.) and setup mod-interchange. But the check out button
 > doesnt
 > work on some systems. (like mine) It will work sometimes and it will
 > always
 > work when I use open link in new window. I appears like it
 > tries a few
 > times and then comes up I have tried this on a few other
 > systems with IE
 > and
 > most of those will actually get to the checkout page and then get a
 > different error. All of them that I have tried that have problems are
 > either behind a firewall or my system is on through a proxy
 > server. Any
 > thoughts this is the error in the ssl-error.log
 >
 > [Sun May 13 20:19:59 2001] [error] mod_ssl: SSL error on writing data
 > (OpenSSL library error follows)
 > [Sun May 13 20:19:59 2001] [error] OpenSSL: error:1409F07F:SSL
 > routines:SSL3_WRITE_PENDING:bad write retry
 > [Sun May 13 20:19:59 2001] [error] access to
 > /store/process.html failed
 > for
 > 192.168.0.16, reason: error while sending response
 > [Sun May 13 20:19:59 2001] [error] (104)Connection reset by
 > peer: access
 > to
 > /store/process.html failed for 192.168.0.16, reason: error sending
 > headers
 > to client
 >
 > it was suggested before that I may not have the ssl virtual
 > server setup
 > properly. i think it is but I am not 100% sure
 >
 > I seen this from Mike in an email message answering this
 > question but I
 > unfortunately need it to be laid out a little clearer. I have my own
 > certificate. If I need to do the 3 steps, how do I do them I
 > am still a
 > newbie at all this.
 >
 > Thanks,
 >
 > Scott
 >
 >
 > I have been dealing with this one for four years and I am still
 > waiting...
 > 8-)
 >
 > As far as I can tell, the problem is the splitting of the domains.
 > There are situations with proxy servers, cookies, and such that cannot
 > be dealt with to my knowledge.
 >
 > The best I have been able to come up with is:
 >
 > 1. Use "WideOpen Yes" (catalog.cfg) to ignore the
 > host-qualification
 > Accompany this with "SessionExpire 20 minutes" to make security
 > better.
 > 2. Use GET method on the basket form for transitioning to
 > checkout.
 > 3. Use the "Mall Yes" (minivend.cfg) directive to cover the case
 > where people get cookies from more than one store on your servers.
 >
 > What really solves it is getting an SSL cert and keeping everything
 > in the same domain. I strongly recommend this to my clients, telling
 > them they will easily eat up the cost in consulting time and lost
 > business. Trying to save $125 by not buying a cert is a very false
 > economy.