You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jason Rumney <jr...@att.com> on 2000/08/04 15:44:35 UTC
Tomcat 3.1 + HTTPS + redirects
I have set up Tomcat 3.1 with Apache + mod_ssl.
All works fine until I perform an external redirect (using
HttpServletResponse.sendRedirect()), at which point the browser is
directed to http://server:8443/path instead of https://server:8443/path.
I have searched the FAQ and archive and was surprised not to see any
mention of this. Has anyone else struck this problem? Is anyone using
redirects with https successfully?
--
Jason Rumney <jr...@att.com>
AT&T Labs (Redditch, UK)
Tomcat refusing connections from the same JVM it's running in
Posted by Joe Wielgosz <jo...@cola.iges.org>.
Hi, new to the list.
I have Tomcat 3.1 running standalone on server_machine, with two servlets,
Servlet1 and Servlet2. Servlet1 serves up datasets. Servlet2 is a search
engine which looks for running copies of Servlet1 at a predefined list of
URLs, and indexes the available contents.
The problem is, when Servlet2 on server_machine tries to open an HTTP
stream from Servlet1 on server_machine, I get SocketException - Connection
refused. If I start up a new JVM on server_machine and open a stream to
Servlet1, it works fine, so it seems that the problem must arise from both
servlets running in the same JVM/instance of Tomcat.
This code worked fine with the JSDK 2.1 servlet server, so I am puzzled
that Tomcat doesn't like it.
Has anybody else seen this behavior, or know what I can do?
Thanks,
Joe
Joe Wielgosz - Software Engineer
Center for Ocean-Land-Atmosphere Studies / Institute for Global Environment
and Society
joew@cola.iges.org - 301.891.3487
Re: Tomcat 3.1 + HTTPS + redirects
Posted by "Ramesh Kumar.T" <ra...@india.adventnet.com>.
Hi,
I thought may be u could help me out!!!!
Iam trying to run an Apache server with SSL support and access
this server using JSSE.
I have installed the following components in my RedHat5.2
Machine
apache-1.3.12 + mod_ssl-2.6.5-1.3.12 + openssl-0.9.5a. I
followed the installations instructions
given in the modssl web-site and installed them and when i connected to
it via Netscape iam able to
get the It-Worked ! page.
Then i tried to connect to this SSL server from a sample program
for JSSE, which is below
import java.io.*;
import java.net.*;
import java.security.Security;
import javax.net.ssl.*;
public class PrintSession {
public static void main(String[] args) throws
IOException {
// Connect to the web server.
Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());
SSLSocket s =
(SSLSocket)SSLSocketFactory.getDefault().
createSocket(args[0], Integer.parseInt(args[1]));
// What's the cipher suite?
System.out.println(s.getSession().getCipherSuite());
// Clean up.
s.close();
}
}
~
And i get the following output:
SSL_NULL_WITH_NULL_NULL
But when i try to connect to some site like www.sun.com:443
iam getting a proper response like
SSL_RSA_EXPORT_WITH_RC4_40_MD5
iam getting the same error when it is using RSA or DSA(not possible to
connect thru Netscape). And
even i downloaded rsaref20.tar.Z and installed everything fresh iam
facing the same problem.
And in the Apache logs i get these message after each request
in error_log
[Fri Aug 4 11:09:27 2000] [error] mod_ssl: SSL handshake failed (server
krishnan.ramana.india.adventnet.com:8443, client 192.168.5.8) (OpenSSL
library error follows)
[Fri Aug 4 11:09:27 2000] [error] OpenSSL: error:14094416::lib(20)
:func(148) :reason(1046)
in ssl_engine_log
[04/Aug/2000 11:09:26 10481] [info] Connection to child 7 established
(server
krishnan.ramana.india.adventnet.com:8443, client 192.168.5.8)
[04/Aug/2000 11:09:26 10481] [info] Seeding PRNG with 1160 bytes of
entropy
[04/Aug/2000 11:09:27 10481] [error] SSL handshake failed (server
krishnan.ramana.india.adventnet.com:8443, client 192.168.5.8) (OpenSSL
library error follows)
[04/Aug/2000 11:09:27 10481] [error] OpenSSL: error:14094416::lib(20)
:func(148) :reason(1046)
When i use the following program which does a HandShake
import java.io.*;
import java.net.*;
import java.security.Security;
import javax.net.ssl.*;
public class HandShake {
public static void main(String[] args) throws
IOException {
Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider()); // Connect to the
web server.
SSLSocket s =
(SSLSocket)SSLSocketFactory.getDefault().
createSocket("krishnan", 8443);
// Add a handshake listener.
s.addHandshakeCompletedListener(new
HandshakeCompletedListener() {
public void
handshakeCompleted(HandshakeCompletedEvent hce) {
System.out.println("Handshake:");
System.out.println(" " + hce.getCipherSuite());
}
});
// Force the handshake.
s.startHandshake();
// Clean up.
s.close();
}
}
iam getting this exception:
Exception in thread "main" javax.net.ssl.SSLException: untrusted server
cert chain
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Compiled Code)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(Compiled
Code)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Compiled
Code)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Compiled Code)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Compiled Code)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Compiled Code)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Compiled
Code)
at java.io.OutputStream.write(Compiled Code)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Compiled Code)
at HandShake.main(Compiled Code)
with the same logs,
Is there any help reference to interpret these error message codes
easily?
Thanks,
Sai.
Jason Rumney wrote:
> I have set up Tomcat 3.1 with Apache + mod_ssl.
>
> All works fine until I perform an external redirect (using
> HttpServletResponse.sendRedirect()), at which point the browser is
> directed to http://server:8443/path instead of https://server:8443/path.
>
> I have searched the FAQ and archive and was surprised not to see any
> mention of this. Has anyone else struck this problem? Is anyone using
> redirects with https successfully?
>
> --
> Jason Rumney <jr...@att.com>
> AT&T Labs (Redditch, UK)
Re: Tomcat 3.1 + HTTPS + redirects
Posted by Jason Rumney <jr...@att.com>.
Jason Rumney <jr...@att.com> writes:
> Eric Simpson <es...@home.com> writes:
>
> > I'm assuming its redirecting you to the internal web server
> > name instead of the external name right?
To clarify: the problem is not the server name, it is the scheme. I am
being redirected to http://... instead of https://...
> > I got around this by using this redirect code.
> >
> > response.sendRedirect(request.getScheme() + "://" + reqeust.getServerName()
> > + ":" + request.getServerPort());
> >
> > and it makes the code a lot more portable also. Hope this
> > helps.
>
> Thanks,
>
>
> it seems response.sendRedirect(request.getScheme() + ":" + encoded_url);
> is sufficient to take care of my problem.
Actually, it seems that in my haste to get this resolved on Friday, I
tested the wrong bit of code (it was doing a forward, not a redirect),
and the above does not, in fact, work.
The problem is that request.getScheme() returns "http", even when the
scheme being used is "https", so things are no better than using the
bare relative URL.
Can anyone offer any suggestions on getting this working?
--
Jason Rumney <jr...@att.com>
AT&T Labs (Redditch, UK)
Re: Tomcat 3.1 + HTTPS + redirects
Posted by Eric Simpson <es...@home.com>.
Jason Rumney wrote:
> Eric Simpson <es...@home.com> writes:
>
> > I'm assuming its redirecting you to the internal web server
> > name instead of the external name right?
> >
> > I got around this by using this redirect code.
> >
> > response.sendRedirect(request.getScheme() + "://" + reqeust.getServerName()
> > + ":" + request.getServerPort());
> >
> > and it makes the code a lot more portable also. Hope this
> > helps.
>
> Thanks,
>
> it seems response.sendRedirect(request.getScheme() + ":" + encoded_url);
> is sufficient to take care of my problem (although possibly dependent on
> implementation of sendRedirect). I prefer to use relative URLs if
> possible rather than try to coerce them into full URLs, and let Tomcat
> take care of the path, server name, server port etc.
>
> --
> Jason Rumney <jr...@att.com>
> AT&T Labs (Redditch, UK)
jason,
I'm not sure what web server your using, but by setting my ServerName
directive in apache to my external dns name I'm able to use redirects
such as response.sendRedirect("error.html")
Eric Simpson
Re: Tomcat 3.1 + HTTPS + redirects
Posted by Jason Rumney <jr...@att.com>.
Eric Simpson <es...@home.com> writes:
> I'm assuming its redirecting you to the internal web server
> name instead of the external name right?
>
> I got around this by using this redirect code.
>
> response.sendRedirect(request.getScheme() + "://" + reqeust.getServerName()
> + ":" + request.getServerPort());
>
> and it makes the code a lot more portable also. Hope this
> helps.
Thanks,
it seems response.sendRedirect(request.getScheme() + ":" + encoded_url);
is sufficient to take care of my problem (although possibly dependent on
implementation of sendRedirect). I prefer to use relative URLs if
possible rather than try to coerce them into full URLs, and let Tomcat
take care of the path, server name, server port etc.
--
Jason Rumney <jr...@att.com>
AT&T Labs (Redditch, UK)
Re: Tomcat 3.1 + HTTPS + redirects
Posted by Eric Simpson <es...@home.com>.
I'm assuming its redirecting you to the internal web server
name instead of the external name right?
I got around this by using this redirect code.
response.sendRedirect(request.getScheme() + "://" + reqeust.getServerName()
+ ":" + request.getServerPort());
and it makes the code a lot more portable also. Hope this
helps.
Eric Simpson
Jason Rumney wrote:
> I have set up Tomcat 3.1 with Apache + mod_ssl.
>
> All works fine until I perform an external redirect (using
> HttpServletResponse.sendRedirect()), at which point the browser is
> directed to http://server:8443/path instead of https://server:8443/path.
>
> I have searched the FAQ and archive and was surprised not to see any
> mention of this. Has anyone else struck this problem? Is anyone using
> redirects with https successfully?
>
> --
> Jason Rumney <jr...@att.com>
> AT&T Labs (Redditch, UK)