Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/05/25 13:36:47 UTC

DO NOT REPLY [Bug 39658] New: - mod_proxy_ajp SSL Key Size Bug

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39658>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39658

           Summary: mod_proxy_ajp SSL Key Size Bug
           Product: Apache httpd-2
           Version: 2.2.2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: chetan.sabnis@epok.net


mod_proxy_ajp appears not to comply with the AJP 1.3 spec when sending over the
SSL key size as an attribute in the AJP 1.3 Request.  Instead of sending the key
size as a string, it sends it as an integer.  Both the Tomcat and mod_proxy_ajp
documentation imply that it is a string:

http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html#rpacetstruct
http://tomcat.apache.org/connectors-doc-archive/jk2/common/AJPv13.html#Request%20Packet%20Structure

This bug ends up manifesting itself in Jetty 5.1.11 (latest stable) when a
connection comes in over SSL to Apache HTTP 2.2.2 and is tunneled to Jetty. 
Unlike Tomcat, their AJP implementation is not resilient against non-compliant
behavior.  It completely rejects the request.  


The following 2.2.2 patch includes my fix.  I have tested this against Tomcat
5.0.24, Tomcat 5.5.9, and Jetty 5.1.11 over SSL.  All work for proxying the
request, but I have not verified that the key size is available and present in
the respective servlet containers.

diff httpd-2.2.2/modules/proxy/ajp_header.c
httpd-2.2.2-css/modules/proxy/ajp_header.c
392c392
<                 || ajp_msg_append_uint16(msg, (unsigned short) atoi(envvar))) {
---
>                 || ajp_msg_append_string(msg, envvar)) {

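Review bot: At line 392 the switch from ajp_msg_append_uint16 to ajp_msg_append_string changes the wire encoding of the key-size attribute for every AJP backend, while the submission states that the key size was not verified in any of the servlet containers. A backend that reads this attribute as a 16-bit integer would take the string's length prefix as the key size and then misread the bytes that follow, so please confirm the value each container reports before changing the encoding, or keep the integer and correct the protocol documentation instead. If the integer form stays, the removed line's (unsigned short) atoi(envvar) also deserves a range check, since a non-numeric or oversized value is silently sent as 0 or truncated.
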
-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
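
The encoding mismatch this report describes, as an added example that is not code from httpd, Tomcat or Jetty: it builds the ssl_key_size attribute both ways and shows why a strict string reader rejects the integer form, while an integer reader given the string form returns the wrong value and leaves unread bytes. The function names and the 256-bit sample value are constructed for illustration; 0x0B is the AJP 1.3 attribute code for ssl_key_size.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SC_A_SSL_KEY_SIZE 0x0B /* ssl_key_size attribute code in AJP 1.3 */

/* Integer form: code + 2-byte big-endian value (what the report says mod_proxy_ajp sends). */
static size_t put_key_size_int(uint8_t *buf, uint16_t bits) {
    buf[0] = SC_A_SSL_KEY_SIZE;
    buf[1] = (uint8_t)(bits >> 8);
    buf[2] = (uint8_t)(bits & 0xFF);
    return 3;
}

/* String form: code + 2-byte length + bytes + NUL (what the protocol documentation describes). */
static size_t put_key_size_str(uint8_t *buf, const char *s) {
    size_t n = strlen(s);
    buf[0] = SC_A_SSL_KEY_SIZE;
    buf[1] = (uint8_t)(n >> 8);
    buf[2] = (uint8_t)(n & 0xFF);
    memcpy(buf + 3, s, n + 1); /* copies the terminating NUL too */
    return n + 4;
}

/* Strict string reader: bytes consumed, or -1 if the declared length does not fit. */
static int read_key_size_str(const uint8_t *p, size_t len, char *out, size_t outsz) {
    if (len < 4 || p[0] != SC_A_SSL_KEY_SIZE) return -1;
    size_t n = ((size_t)p[1] << 8) | p[2];
    if (n + 4 > len || n + 1 > outsz || p[3 + n] != 0) return -1;
    memcpy(out, p + 3, n + 1);
    return (int)(n + 4);
}

/* Integer reader: always consumes 3 bytes, or -1 on a short packet. */
static int read_key_size_int(const uint8_t *p, size_t len, uint16_t *bits) {
    if (len < 3 || p[0] != SC_A_SSL_KEY_SIZE) return -1;
    *bits = (uint16_t)((p[1] << 8) | p[2]);
    return 3;
}

int main(void) {
    uint8_t pkt[16]; char s[8]; uint16_t bits = 0;
    size_t n = put_key_size_int(pkt, 256); /* constructed sample: 256-bit key */
    printf("integer on the wire, string reader: %d\n", read_key_size_str(pkt, n, s, sizeof s));
    n = put_key_size_str(pkt, "256");
    int used = read_key_size_int(pkt, n, &bits);
    printf("string on the wire, integer reader: used %d of %zu bytes, value %u\n", used, n, (unsigned)bits);
    return 0;
}
```

With the integer on the wire, the bytes 0x01 0x00 are read as a string length of 256, which cannot fit in the packet, so a bounds-checking reader has to fail the request. With the string on the wire, the integer reader returns 3 (the length prefix) and the next byte it would treat as an attribute code is the character '2'.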


DO NOT REPLY [Bug 39658] - mod_proxy_ajp SSL Key Size Bug

Posted by bu...@apache.org.


rpluem@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Additional Comments From rpluem@apache.org  2006-05-25 13:08 -------
You are correct about the documentation of the protocol, but Tomcat, mod_jk and
as noticed mod_proxy_ajp handle this as an integer. So it's a bug in the
documentation of the protocol and a bug in Jetty which implements this according
to the buggy documentation. So please open up a bug report at Jetty.



DO NOT REPLY [Bug 39658] - mod_proxy_ajp SSL Key Size Bug

Posted by bu...@apache.org.





------- Additional Comments From chetan.sabnis@epok.net  2006-05-25 19:04 -------

Thanks for the quick feedback.  For anyone interested in following this on the
Jetty side of things I have submitted a bug and patch for Jetty here.

https://sourceforge.net/tracker/index.php?func=detail&aid=1494939&group_id=7322&atid=107322



DO NOT REPLY [Bug 39658] - mod_proxy_ajp SSL Key Size Bug

Posted by bu...@apache.org.


rpluem@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |




------- Additional Comments From rpluem@apache.org  2006-05-25 18:30 -------
Yes of course. Pushed the wrong button :-).



DO NOT REPLY [Bug 39658] - mod_proxy_ajp SSL Key Size Bug

Posted by bu...@apache.org.





------- Additional Comments From trawick@apache.org  2006-05-25 17:29 -------
so we should keep this PR open to fix our doc, right?



DO NOT REPLY [Bug 39658] - mod_proxy_ajp SSL Key Size Bug

Posted by bu...@apache.org.





------- Additional Comments From rpluem@apache.org  2006-05-25 19:43 -------
Committed to trunk as r409442 (http://svn.apache.org/viewvc?rev=409430&view=rev).
