[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#779359: apache2-bin: SSL SNI check fails for larger PHP uploads with "no hostname provided in HTTP request"

Package: apache2-bin
Version: 2.4.10-9
Severity: normal

Not sure where to file this bug, so I put it in the package that actually generates the error message. The issue was triggered when SquirrelMail users were no longer able to attach anything other than tiny attachments via PHP upload. A small file (e.g., 10 bytes) uploaded via SquirrelMail works fine 100% of the time. For larger uploads (somewhere starting between 5k and 15k, and anything over that), the following appears in error.log at the time of the upload:

[ssl:error] [pid ####] AH02031: Hostname [...] provided via SNI, but no hostname provided in HTTP request

And the upload fails silently from SquirrelMail user's perspective.

This is completely reproducible. No idea why a small upload would work fine, but a slightly larger upload triggers some kind of SNI check failure.

There are isolated reports of similar problems in other fora, generally they seem to focus on Android problems, e.g. http://www.answerques.com/szJmeWPWWPxX/sni-hostname-error-when-using-phonegap-file-transfer-over-sslhttps-on-android https://issues.apache.org/jira/browse/CB-6671

My problem here, however, is device/browser/platform independent.

-- Package-specific info:

-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (700, 'stable'), (500, 'squeeze-lts'), (500, 'oldstable-updates'), (500, 'testing'), (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.46-xenU (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2-bin depends on:
ii  libapr1                  1.5.1-3
ii  libaprutil1              1.5.4-1
ii  libaprutil1-dbd-sqlite3  1.5.4-1
ii  libaprutil1-ldap         1.5.4-1
ii  libc6                    2.19-14
ii  libldap-2.4-2            2.4.31-1+nmu2
ii  liblua5.1-0              5.1.5-4+deb7u1
ii  libpcre3                 2:8.35-3.3
ii  libssl1.0.0              1.0.1e-2+deb7u14
ii  libxml2                  2.9.2+dfsg1-1+b1
ii  perl                     5.20.1-5
ii  zlib1g                   1:1.2.7.dfsg-13

apache2-bin recommends no packages.

Versions of packages apache2-bin suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  chromium [www-browser]                           40.0.2214.91-1
ii  lynx-cur [www-browser]                           2.8.8dev.12-2
ii  w3m [www-browser]                                0.5.3-8

Versions of packages apache2 depends on:
ii  apache2-data   2.4.10-9
ii  apache2-utils  2.4.10-9
ii  dpkg           1.17.23
ii  lsb-base       4.1+Debian8+deb7u1
ii  mime-support   3.52-1+deb7u1
ii  perl           5.20.1-5
ii  procps         1:3.3.3-3

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.32

Versions of packages apache2 suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  chromium [www-browser]                           40.0.2214.91-1
ii  lynx-cur [www-browser]                           2.8.8dev.12-2
ii  w3m [www-browser]                                0.5.3-8

Versions of packages apache2-bin is related to:
ii  apache2      2.4.10-9
ii  apache2-bin  2.4.10-9

-- no debconf information
Reply to: