[Bug 595116] [NEW] ssl "error reading the headers"

Robert Grey rgrey at openinit.com
Wed Jun 16 15:20:35 BST 2010 

Public bug reported:

Binary package hint: apache2

I'm getting irregular "error reading the headers" error messages when
using basic authentication over SSL on apache2 "2.2.14-5ubuntu8" on
ubuntu 10.04. I enabled dumpio and it looks like the "Authorization"
header is getting truncated. For example, the first item is a successful
"GET" with authorization:

[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): 29 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): GET /dist/test.txt HTTP/1.1\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): 26 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): Host: <removed>\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): 27 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): Accept-Encoding: identity\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): 35 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): Authorization: Basic bWU6ZG9iaWU=\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): 2 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): \r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [eatcrlf-nonblocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in - 70023

and the second failed example:

[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): 29 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): GET /dist/test.txt HTTP/1.1\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): 26 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): Host: <removed>\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): 27 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): Accept-Encoding: identity\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): 8 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): 9iaWU=\r\n
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): 3 bytes
[Wed Jun 16 14:14:55 2010] [notice] mod_dumpio:  dumpio_in (data-TRANSIENT): =\r\n

You can notice the "9iaWU=" is the truncated end of the correct
"Authorization: Basic bWU6ZG9iaWU=" header transmitted in the successful
request. This doesn't happen on a non-TSL/SSL port.

lsb_release -rd
Description:    Ubuntu 10.04 LTS
Release:        10.04

apt-cache policy apache2
apache2:
  Installed: 2.2.14-5ubuntu8
  Candidate: 2.2.14-5ubuntu8
  Version table:
 *** 2.2.14-5ubuntu8 0
        500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status

apt-cache policy openssl
openssl:
  Installed: 0.9.8k-7ubuntu8
  Candidate: 0.9.8k-7ubuntu8
  Version table:
 *** 0.9.8k-7ubuntu8 0
        500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
ssl "error reading the headers"
https://bugs.launchpad.net/bugs/595116
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

More information about the Ubuntu-server-bugs mailing list