On Thu, Sep 20, 2012 at 10:24 AM, Jeff King <peff@xxxxxxxx> wrote: > On Wed, Sep 19, 2012 at 10:57:35PM -0700, Shawn O. Pearce wrote: > >> > so transient errors on the initial smart >> > contact can cause us to fall back to dumb, >> >> Transient errors is actually what is leading me down this path. We see >> about 0.0455% of our requests to the Android hosting service as these >> dumb fallbacks. This means the client never got a proper smart service >> reply. Server logs suggest we sent a valid response, so I am >> suspecting transient proxy errors, but its hard to debug because >> clients discard the error. > > Yup, we see the same thing. I've tracked a few down manually to actual > things like gateway timeouts on our reverse proxy. Our reverse proxies also fail sometimes. :-) But right now I am seeing failures in libcurl's SSL connection that may also be causing the smart connection failures. For example this trace, where libcurl was just not able to connect to respond to the 401 with a password. I suspect what is happening is the SSL session dropped out of cache on our servers, and libcurl couldn't reuse the existing SSL session. Instead of discarding the bad session and retrying, Git aborts. I'm willing to bet modern browsers just discard the bad session and start a new one, because clients can't assume the remote server will be able to remember their session forever. * Couldn't find host android.googlesource.com in the .netrc file; using defaults * About to connect() to android.googlesource.com port 443 (#0) * Trying 2607:f8b0:400e:c02::52... * Connected to android.googlesource.com (2607:f8b0:400e:c02::52) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSL connection using RC4-SHA * Server certificate: * subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=*.googlecode.com * start date: 2012-08-16 12:25:39 GMT * expire date: 2013-06-07 19:43:27 GMT * subjectAltName: android.googlesource.com matched * issuer: C=US; O=Google Inc; CN=Google Internet Authority * SSL certificate verify ok. > GET /a/platform/tools/build/info/refs?service=git-upload-pack HTTP/1.1 User-Agent: git/1.7.12.1.1.g9b7ccb3 Host: android.googlesource.com Accept: */* Pragma: no-cache * The requested URL returned error: 401 * Closing connection #0 * Couldn't find host android.googlesource.com in the .netrc file; using defaults * About to connect() to android.googlesource.com port 443 (#0) * Trying 2607:f8b0:400e:c02::52... * Connected to android.googlesource.com (2607:f8b0:400e:c02::52) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSL re-using session ID * Unknown SSL protocol error in connection to android.googlesource.com:443 * Expire cleared * Closing connection #0 error: Unknown SSL protocol error in connection to android.googlesource.com:443 while accessing https://android.googlesource.com/a/platform/tools/build/info/refs?service=git-upload-pack fatal: HTTP request failed -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html