Bug 901143 (JBPAPP6-1170) - mod_cluster returns "Bad Gateway" HTTP ErrorCode 502 with https
Summary: mod_cluster returns "Bad Gateway" HTTP ErrorCode 502 with https
Keywords:
Status: CLOSED NEXTRELEASE
Alias: JBPAPP6-1170
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: mod_cluster
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: EAP 6.0.1
Assignee: Permaine Cheung
QA Contact:
URL: http://jira.jboss.org/jira/browse/JBP...
Whiteboard: mod_cluster
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-10-31 16:32 UTC by Michal Karm Babacek
Modified: 2014-06-28 12:48 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Confirmed: RHEL on x86 x86_64 , To be confirmed: Solaris, Windows
Last Closed: 2012-11-29 14:51:41 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip (65.98 KB, application/zip)
2012-10-31 17:21 UTC, Michal Karm Babacek 		no flags Details
855cdda451eb561abe10463133f36360d5a302fe.patch (7.68 KB, text/x-patch)
2012-11-21 12:56 UTC, Jean-Frederic Clere 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 901145 0 high CLOSED mod_cluster returns HTTP 502 or (500 Proxy Error) with https connector 2021-02-22 00:41:40 UTC
Red Hat Issue Tracker JBPAPP6-1170 0 Critical Closed mod_cluster returns "Bad Gateway" HTTP ErrorCode 502 with https 2015-05-14 21:16:41 UTC

Internal Links: 901145

Description Michal Karm Babacek 2012-10-31 16:32:54 UTC 
Complexity: High
Steps to Reproduce: h3. How to reproduce
 # Configure AS7 with HTTPS connector as in [^JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip]
 # Configure Httpd + Mod_cluster with SSL as in [^JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip]
 # Start httpd
 # Start AS7
 # Send a request, e.g. like:
 {noformat}
curl https://localhost:8888/SessionTest/session --cert /home/mbabacek/EAP6/Client/client.crt --key /home/mbabacek/EAP6/Client/client.key --cacert /home/mbabacek/EAP6/Client/myca.crt --insecure -c originally_empty_cookiefile.txt -b originally_empty_cookiefile.txt 2> /dev/null
 {noformat}
 # Optionally, wait ~10 minutes. (!) You might start to having errors even without this request free wait period.
 # Sned another request & get an error
 # Eventually, after *STATUS* message is received, you will get correct HTTP 200 again.

(i) *Note:* As soon as STATUS message is received, it picks up again...

Workaround Description: Turning off keepAlive settings, see [Aaron's comment|https://issues.jboss.org/browse/JBPAPP-9493?focusedCommentId=12709722&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12709722]
project_key: JBPAPP6

h3. Error :-(
{noformat}
[info] [client 127.0.0.1] Connection to child 0 established (server dhcp-27-136.brq.redhat.com:8888)
[info] Seeding PRNG with 144 bytes of entropy
[debug] ssl_engine_kernel.c(1889): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1897): OpenSSL: Loop: before/connect initialization
[debug] ssl_engine_kernel.c(1897): OpenSSL: Loop: SSLv2/v3 write client hello A
[debug] ssl_engine_io.c(1897): OpenSSL: read 7/7 bytes from BIO#7fe4c4d61a00 [mem: 7fe4c4d646e0] (BIO dump follows)
[debug] ssl_engine_io.c(1830): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1869): | 0000: 15 03 01 00 02 02 0a                             .......          |
[debug] ssl_engine_io.c(1875): +-------------------------------------------------------------------------+
[debug] ssl_engine_kernel.c(1902): OpenSSL: Read: SSLv2/v3 read server hello A
[debug] ssl_engine_kernel.c(1926): OpenSSL: Exit: error in SSLv2/v3 read server hello A
[info] [client 127.0.0.1] SSL Proxy connect failed
[info] SSL Library Error: 336032754 error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message
[info] [client 127.0.0.1] Connection closed to child 0 with abortive shutdown (server dhcp-27-136.brq.redhat.com:8888)
[error] (502)Unknown error 502: proxy: pass request body failed to 127.0.0.1:8443 (localhost)
[error] [client 127.0.0.1] proxy: Error during SSL Handshake with remote server returned by /SessionTest/session
[error] proxy: pass request body failed to 127.0.0.1:8443 (localhost) from 127.0.0.1 ()
[debug] proxy_util.c(2029): proxy: HTTPS: has released connection for (localhost)
{noformat}

h3. Related reading
This problem is being actively investigated as a part of [JBPAPP-10029]. The original JIRA is [JBPAPP-9493].

 * [2012-10-31] At the moment, follow comments on [JBPAPP-10029] please.
Comment 1 Michal Karm Babacek 2012-10-31 16:33:45 UTC 
Attachment: Added: JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip
Comment 2 Michal Karm Babacek 2012-10-31 16:34:39 UTC 
Link: Added: This issue is related to JBPAPP-10029
Comment 3 Michal Karm Babacek 2012-10-31 16:34:40 UTC 
Link: Added: This issue is related to JBPAPP-9493
Comment 4 Michal Karm Babacek 2012-10-31 17:20:09 UTC 
Attachment: Removed: JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip
Comment 5 Michal Karm Babacek 2012-10-31 17:21:31 UTC 
(i) *Note:* I've just updated [^JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip] with {{ssl.conf}}, where one might find some auxiliary info. Just for sake of completeness.
Comment 6 Michal Karm Babacek 2012-10-31 17:21:32 UTC 
Attachment: Added: JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip
Comment 7 Michal Karm Babacek 2012-10-31 23:30:36 UTC 
Link: Added: This issue Cloned to JBPAPP-10321
Comment 8 Misty Stanley-Jones 2012-11-05 04:24:37 UTC 
Release Notes Docs Status: Added: Not Yet Documented
Comment 9 Michal Karm Babacek 2012-11-07 14:59:35 UTC 
Follow the most up-to-date feed on [JBPAPP-10029|https://issues.jboss.org/browse/JBPAPP-10029?focusedCommentId=12732465&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12732465] ...
Comment 10 Anne-Louise Tangring 2012-11-13 20:43:47 UTC 
Release Notes Docs Status: Removed: Not Yet Documented 
Docs QE Status: Removed: NEW
Comment 11 Adam Kovari 2012-11-14 08:35:55 UTC 
Link: Added: This issue is related to JBPAPP-10409
Comment 12 Permaine Cheung 2012-11-19 15:17:17 UTC 
Please provide the patch for mod_cluster 1.2.3.Final so that we can build with the patch for the next ER. Thanks!
Comment 13 Jean-Frederic Clere 2012-11-21 12:56:25 UTC 
patch for 1.2.3.Final
Comment 14 Jean-Frederic Clere 2012-11-21 12:56:25 UTC 
Attachment: Added: 855cdda451eb561abe10463133f36360d5a302fe.patch
Comment 15 Permaine Cheung 2012-11-21 13:56:06 UTC 
Thanks for the patch, we've started on the rebuilding with the patch applied.
Comment 16 Permaine Cheung 2012-11-21 18:07:39 UTC 
Patch added to mod_cluster-native-1.2.3-3.Final.ep6.el6 and mod_cluster-native-1.2.3-3.Final.ep6.el5, both builds added to EAP 6.0.1 errata.
Also updated jboss-eap-native-webserver-connectors-6.0.1-5.ep6.el6 and jboss-eap-native-webserver-connectors-6.0.1-5.ep6.el5 to include the fix in the connectors zip.

New Solaris and Windows webserver connector builds are ready as well, with Release: tag 4.win6 and 4.sun10.

All of the above builds updated in jboss-eap6-compose build to collect new natives, jboss-eap6-compose-6.0.1-10.ER4.ep6.el6 is the latest with all of the above builds.

Will be in 6.0.1.ER4.
Comment 17 Michal Karm Babacek 2012-11-29 14:51:41 UTC 
Verified with ER4.
Note You need to log in before you can comment on or make changes to this bug.