Hi to everybody,
I ran into the following problem with the SSL layer: I start my Lisp (CCL or SBCL, doesn't matter) and feed it with these lines:
--8<-- (ql:quickload "hunchentoot")
(defparameter *server* (hunchentoot:start (make-instance 'hunchentoot:ssl-acceptor :port 4711 :ssl-certificate-file #P"/home/dbr/local-cert.pem" :ssl-privatekey-file #P"/home/dbr/local-key.pem"))) --8<--
Then a SSL-ACCEPTOR is running and serving as wished. But when I use Apache Bench with some concurreny:
ab -f SSL2 -n 1000 -c 4 https://localhost:4711/
then the Lisp crashes and runs into the debugger. E.g. on CCL/Linux:
--8<-- ? Unhandled exception 11 at 0x7f1843f1ebe9, context->regs at #x7f184390f428 Exception occurred while executing foreign code at lh_insert + 137 received signal 11; faulting address: 0x7f1843f8fa08 invalid permissions for mapped object --8<--
Or on SBCL/Linux:
--8<-- CORRUPTION WARNING in SBCL pid 3549(tid 140737314223872): Memory fault at 0 (pc=0x7ffff4c6f940, sp=0x7ffff59ee280) The integrity of this image is possibly compromised. Continuing with fingers crossed. --8<--
I tested this scenario on different platforms:
Clozure CL (1.7-dev-r14406M-trunk but it crashes on older versions as well) - 32 Bit on Windows Server 2003 - 64 Bit on Windows Server 2008 - 32 Bit on Ubuntu 10.04 - 64 Bit on Ubuntu 10.04 (libssl.0.9.8)
SBCL 1.0.46 64 Bit on Ubuntu 10.04 (libssl.0.9.8)
Used libraries/hunchentoot: - dists/quicklisp/software/cl+ssl-20101006-cvs/ - dists/quicklisp/software/hunchentoot-1.1.1/
Is this a known problem? Does anybody has an idea how to solve it?
Kind regards, Daniel.
A reasonable work around might be to stick hunchentoot behind a reverse proxy (I like nginx) that handles the SSL for it. Then nginx can forward the requests to hunchentoot via straight http.
Historically, some lisp web servers were known to behave poorly with certain malformed requests so it was a best practice to put them behind a 'battle hardened' reverse proxy like nginx or apache/mod_proxy anyways.
-Shaneal
On Thu, Mar 31, 2011 at 2:08 AM, Daniel Brunner daniel@dbrunner.de wrote:
Hi to everybody,
I ran into the following problem with the SSL layer: I start my Lisp (CCL or SBCL, doesn't matter) and feed it with these lines:
--8<-- (ql:quickload "hunchentoot")
(defparameter *server* (hunchentoot:start (make-instance 'hunchentoot:ssl-acceptor :port 4711 :ssl-certificate-file #P"/home/dbr/local-cert.pem" :ssl-privatekey-file #P"/home/dbr/local-key.pem"))) --8<--
Then a SSL-ACCEPTOR is running and serving as wished. But when I use Apache Bench with some concurreny:
ab -f SSL2 -n 1000 -c 4 https://localhost:4711/
then the Lisp crashes and runs into the debugger. E.g. on CCL/Linux:
--8<-- ? Unhandled exception 11 at 0x7f1843f1ebe9, context->regs at #x7f184390f428 Exception occurred while executing foreign code at lh_insert + 137 received signal 11; faulting address: 0x7f1843f8fa08 invalid permissions for mapped object --8<--
Or on SBCL/Linux:
--8<-- CORRUPTION WARNING in SBCL pid 3549(tid 140737314223872): Memory fault at 0 (pc=0x7ffff4c6f940, sp=0x7ffff59ee280) The integrity of this image is possibly compromised. Continuing with fingers crossed. --8<--
I tested this scenario on different platforms:
Clozure CL (1.7-dev-r14406M-trunk but it crashes on older versions as well) - 32 Bit on Windows Server 2003 - 64 Bit on Windows Server 2008 - 32 Bit on Ubuntu 10.04 - 64 Bit on Ubuntu 10.04 (libssl.0.9.8)
SBCL 1.0.46 64 Bit on Ubuntu 10.04 (libssl.0.9.8)
Used libraries/hunchentoot:
- dists/quicklisp/software/cl+ssl-20101006-cvs/
- dists/quicklisp/software/hunchentoot-1.1.1/
Is this a known problem? Does anybody has an idea how to solve it?
Kind regards, Daniel.
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
On an intel Mac 10.6 the same thing happens:
------ CCL: $ ab -f SSL2 -n 1000 -c 10 https://127.0.0.1:4712/
Unhandled exception 10 at 0x7fff887baf97, context->regs at #xb1aa1660 Exception occurred while executing foreign code at sha1_block_data_order + 87 received signal 10; faulting address: 0x7fff711a3000 ------ SBCL: $ ab -f SSL2 -n 1000 -c 10 https://127.0.0.1:4712/
CORRUPTION WARNING in SBCL pid 73051(tid 33598464): Memory fault at 11 (pc=0x7fff887cd0f5, sp=0xb2a4f00) The integrity of this image is possibly compromised. Continuing with fingers crossed. [2011-03-31 11:53:19 [error]] Error while processing connection: Unhandled memory fault at #x240000000011.
------
Both CCL and SBCL sometimes survive a concurrency of 4, but not 10.
SSL is thread safe, but it is not allowed to use an SSL connection concurrently in several threads. http://www.openssl.org/support/faq.html#PROG1 But a look through h'toot fails to show how this might happen, because process connection is run inside one thread, and the stream is ssl'ized used and closed inside this thread.
This happened even after I updated cl+ssl to the latest common-lisp.net version.
John
On Mar 30, 2011, at 11:08 PM, Daniel Brunner wrote:
Hi to everybody,
I ran into the following problem with the SSL layer: I start my Lisp (CCL or SBCL, doesn't matter) and feed it with these lines:
--8<-- (ql:quickload "hunchentoot")
(defparameter *server* (hunchentoot:start (make-instance 'hunchentoot:ssl-acceptor :port 4711 :ssl-certificate-file #P"/home/dbr/local-cert.pem" :ssl-privatekey-file #P"/home/dbr/local-key.pem"))) --8<--
Then a SSL-ACCEPTOR is running and serving as wished. But when I use Apache Bench with some concurreny:
ab -f SSL2 -n 1000 -c 4 https://localhost:4711/
then the Lisp crashes and runs into the debugger. E.g. on CCL/Linux:
--8<-- ? Unhandled exception 11 at 0x7f1843f1ebe9, context->regs at #x7f184390f428 Exception occurred while executing foreign code at lh_insert + 137 received signal 11; faulting address: 0x7f1843f8fa08 invalid permissions for mapped object --8<--
Or on SBCL/Linux:
--8<-- CORRUPTION WARNING in SBCL pid 3549(tid 140737314223872): Memory fault at 0 (pc=0x7ffff4c6f940, sp=0x7ffff59ee280) The integrity of this image is possibly compromised. Continuing with fingers crossed. --8<--
I tested this scenario on different platforms:
Clozure CL (1.7-dev-r14406M-trunk but it crashes on older versions as well)
- 32 Bit on Windows Server 2003
- 64 Bit on Windows Server 2008
- 32 Bit on Ubuntu 10.04
- 64 Bit on Ubuntu 10.04 (libssl.0.9.8)
SBCL 1.0.46 64 Bit on Ubuntu 10.04 (libssl.0.9.8)
Used libraries/hunchentoot:
- dists/quicklisp/software/cl+ssl-20101006-cvs/
- dists/quicklisp/software/hunchentoot-1.1.1/
Is this a known problem? Does anybody has an idea how to solve it?
Kind regards, Daniel.
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
-
Daniel Brunner -
JTK -
Shaneal Manek