ssl "error reading the headers"
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apache2 (Ubuntu) | Fix Released | Medium | Unassigned | |
Lucid | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: apache2
I'm getting irregular "error reading the headers" error messages when using basic authentication over SSL on apache2 "2.2.14-5ubuntu8" on Ubuntu 10.04. I enabled dumpio and it looks like the "Authorization" header is getting truncated. For example, the first item is a successful "GET" with authorization:
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): 29 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): GET /dist/test.txt HTTP/1.1\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): 26 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): Host: <removed>\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): 27 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): Accept-Encoding: identity\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): 35 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): Authorization: Basic bWU6ZG9iaWU=\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): 2 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): \r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [eatcrlf-
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in - 70023
and the second failed example:
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): 29 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): GET /dist/test.txt HTTP/1.1\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): 26 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): Host: <removed>\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): 27 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): Accept-Encoding: identity\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): 8 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): 9iaWU=\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): 3 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): =\r\n
You can notice the "9iaWU=" is the truncated end of the correct "Authorization: Basic bWU6ZG9iaWU=" header transmitted in the successful request. This doesn't happen on a non-TLS/SSL port.
lsb_release -rd
Description: Ubuntu 10.04 LTS
Release: 10.04
apt-cache policy apache2
apache2:
Installed: 2.2.14-5ubuntu8
Candidate: 2.2.14-5ubuntu8
Version table:
*** 2.2.14-5ubuntu8 0
500 http://
100 /var/lib/
apt-cache policy openssl
openssl:
Installed: 0.9.8k-7ubuntu8
Candidate: 0.9.8k-7ubuntu8
Version table:
*** 0.9.8k-7ubuntu8 0
500 http://
100 /var/lib/
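An added example, not part of the original report: a Python check that scans mod_dumpio input records like those above and flags any dumped line that is neither a request line, a header field, nor the terminating blank line, which is how the truncated `9iaWU=` fragment appears in the log. The function and constant names are hypothetical, the sample records are abridged from the two requests in the report, and the check assumes body-less requests such as the GETs shown.

```python
import re

# Apache 2.2 mod_dumpio input record: "... mod_dumpio: dumpio_in (data-TYPE): <payload>"
DUMPIO_IN = re.compile(r"mod_dumpio:\s+dumpio_in \(data-[A-Z]+\): (.*)$")
BYTE_COUNT = re.compile(r"^(\d+) bytes$")
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\d\.\d$")
HEADER_FIELD = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+:")  # field-name token, then ":"

PREFIX = "[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in (data-TRANSIENT): "

def records(payloads):
    """Build log text from payloads (helper for the abridged samples below)."""
    return "\n".join(PREFIX + p for p in payloads)

# Abridged from the report: byte counts and payloads exactly as logged.
GOOD_REQUEST = records([
    "29 bytes", r"GET /dist/test.txt HTTP/1.1\r\n",
    "26 bytes", r"Host: <removed>\r\n",
    "35 bytes", r"Authorization: Basic bWU6ZG9iaWU=\r\n",
    "2 bytes", r"\r\n",
])
FAILED_REQUEST = records([
    "29 bytes", r"GET /dist/test.txt HTTP/1.1\r\n",
    "26 bytes", r"Host: <removed>\r\n",
    "8 bytes", r"9iaWU=\r\n",
    "3 bytes", r"=\r\n",
])

def find_malformed_lines(log_text):
    """Return (announced_bytes, line) for each dumped input line that is not
    a request line, a header field, a folded continuation, or the blank line."""
    findings, announced = [], None
    for raw in log_text.splitlines():
        m = DUMPIO_IN.search(raw)
        if not m:
            continue  # e.g. "[getline-blocking] 0 readbytes" bookkeeping records
        payload = m.group(1)
        count = BYTE_COUNT.match(payload)
        if count:
            announced = int(count.group(1))  # size record precedes its data record
            continue
        line = payload.replace("\\r\\n", "")  # dumpio prints CRLF as literal \r\n
        if not line or line[0] in " \t":
            continue  # end of headers, or an obsolete folded continuation line
        if not REQUEST_LINE.match(line) and not HEADER_FIELD.match(line):
            findings.append((announced, line))
    return findings

if __name__ == "__main__":
    for size, line in find_malformed_lines(FAILED_REQUEST):
        print(f"malformed header line ({size} bytes announced): {line!r}")
```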
CVE References
Changed in apache2 (Ubuntu): status: New → Confirmed
Changed in apache2 (Ubuntu): importance: Undecided → Medium
Changed in apache2 (Ubuntu): status: Fix Released → Invalid
Changed in apache2 (Ubuntu): status: Invalid → Confirmed
Changed in apache2 (Ubuntu Lucid): status: Fix Committed → Confirmed
tags: added: verification-donee; removed: verification-needed
tags: added: verification-done; removed: verification-donee
Changed in apache2 (Ubuntu): status: Confirmed → Fix Released
I found a similar posting here:
http://serverfault.com/questions/150976/problems-serving-svn-over-https-on-ubuntu-10-04