A reasonable work around might be to stick hunchentoot behind a reverse proxy (I like nginx) that handles the SSL for it. Then nginx can forward the requests to hunchentoot via straight http.
Historically, some lisp web servers were known to behave poorly with certain malformed requests so it was a best practice to put them behind a 'battle hardened' reverse proxy like nginx or apache/mod_proxy anyways.
-Shaneal
On Thu, Mar 31, 2011 at 2:08 AM, Daniel Brunner daniel@dbrunner.de wrote:
Hi to everybody,
I ran into the following problem with the SSL layer: I start my Lisp (CCL or SBCL, doesn't matter) and feed it with these lines:
--8<-- (ql:quickload "hunchentoot")
(defparameter *server* (hunchentoot:start (make-instance 'hunchentoot:ssl-acceptor :port 4711 :ssl-certificate-file #P"/home/dbr/local-cert.pem" :ssl-privatekey-file #P"/home/dbr/local-key.pem"))) --8<--
Then a SSL-ACCEPTOR is running and serving as wished. But when I use Apache Bench with some concurreny:
ab -f SSL2 -n 1000 -c 4 https://localhost:4711/
then the Lisp crashes and runs into the debugger. E.g. on CCL/Linux:
--8<-- ? Unhandled exception 11 at 0x7f1843f1ebe9, context->regs at #x7f184390f428 Exception occurred while executing foreign code at lh_insert + 137 received signal 11; faulting address: 0x7f1843f8fa08 invalid permissions for mapped object --8<--
Or on SBCL/Linux:
--8<-- CORRUPTION WARNING in SBCL pid 3549(tid 140737314223872): Memory fault at 0 (pc=0x7ffff4c6f940, sp=0x7ffff59ee280) The integrity of this image is possibly compromised. Continuing with fingers crossed. --8<--
I tested this scenario on different platforms:
Clozure CL (1.7-dev-r14406M-trunk but it crashes on older versions as well) - 32 Bit on Windows Server 2003 - 64 Bit on Windows Server 2008 - 32 Bit on Ubuntu 10.04 - 64 Bit on Ubuntu 10.04 (libssl.0.9.8)
SBCL 1.0.46 64 Bit on Ubuntu 10.04 (libssl.0.9.8)
Used libraries/hunchentoot:
- dists/quicklisp/software/cl+ssl-20101006-cvs/
- dists/quicklisp/software/hunchentoot-1.1.1/
Is this a known problem? Does anybody has an idea how to solve it?
Kind regards, Daniel.
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel