You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by bu...@apache.org on 2003/04/01 13:35:17 UTC

DO NOT REPLY [Bug 18561] New: - SSL Tunneling via MS-Proxy 2.0 does not work; bad response from proxy

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18561>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18561

SSL Tunneling via MS-Proxy 2.0 does not work; bad response from proxy

           Summary: SSL Tunneling via MS-Proxy 2.0 does not work; bad
                    response from proxy
           Product: Axis
           Version: current (nightly)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Basic Architecture
        AssignedTo: axis-dev@ws.apache.org
        ReportedBy: piggy@xs4all.nl


When Axis sends a tunnel request to MS-Proxy 2.0, like:

--
CONNECT <host>:443 HTTP/1.0
User-Agent: AxisClient
Content-Length: 0
Pragma: no-cache

--

it responds with:

--
HTTP/1.1  200 Connection established
--

Please note the double-space between 1.1 and the statuscode. Another bit of 
weirdness is the 1.1 response to a 1.0 request, but let's ignore that one since 
it does not break anything. The double-space does. The response-verification 
code in SunJSSESocketFactory, JSSESocketFactory and IBMJSSESocketFactory all 
does this:

--
if (!replyStr.startsWith("HTTP/1.0 200")
    && !replyStr.startsWith("HTTP/1.1 200")) {
throw new IOException(Messages.getMessage("cantTunnel00",
        new String[]{
            tcp.getProxyHost(),
            "" + tunnelPort,
            replyStr}));
}
--

Is it possible to add another condition? Like:
--
!replyStr.startsWith("HTTP/1.1  200")
--

Cheers,

Renzo