You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Gilles Bachmann <g....@orsid.com> on 2008/09/24 13:56:08 UTC

[users@httpd] Problème avec mod_proxy et mod_ssl

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Problème avec mod_proxy et mod_ssl

Posted by André Warnier <aw...@ice-sa.com>.

Bonjour.

It looks like you are trying to send HTTPS data to your server, on a 
port not prepared to understand HTTPS.

Autrement dit, je crois que votre serveur recoit du protocole encrypté 
HTTPS, sur un port qui n'attend que du HTTP en clair.

(et j'ai aussi l'impression que vous seriez mieux aidé sur une liste 
francophone; le nombre de personnes ici capables de vous comprendre et 
vous répondre est probablement assez limité).

Gilles Bachmann wrote:
> Bonjour,
> 
> je désire faire de l'authentification par certificat. Ma configuration est la 
> suivante :
> 
> reverse_proxy : apache 2.0.52
>         <Location /uploadcrt/>
>          SSLVerifyClient require
>          SSLOptions +ExportCertData +FakeBasicAuth +StrictRequire +StdEnvVars
>          RequestHeader set certificat "%{SSL_CLIENT_CERT}e"
>         </Location>
> 
> serveur web applicatif : apache 1.3.41
> 
> le serveur reçois bien le certificat mais se plante avec l'erreur :
> 
> 
>   Bad Request
> 
> Your browser sent a request that this server could not understand.
> 
> Request header field is missing colon separator.
> 
> MIIC4DCCAkmgAwIBAgIBVzANBgkqhkiG9w0BAQQFADCBmjELMAkGA1UEBhMCRlIx
> 
> j'ai capturé les packets http et il se trouve que j'ai un 0A (LF) a chaque fin de ligne
> qui je pense est la source de mon problème. comment puis reecrire le SSL_CLIENT_CERT en ramplacant les LF par des espaces.
> merci d'avance de votre réponse
> 
> gilles bachmann
> 
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Problème avec mod_proxy et mod_ssl

Posted by Eric Covener <co...@gmail.com>.

2008/9/24 Gilles Bachmann <g....@orsid.com>:
> Bonjour,
>
> je désire faire de l'authentification par certificat. Ma configuration est
> la suivante :
>
> reverse_proxy : apache 2.0.52
>         <Location /uploadcrt/>
>          SSLVerifyClient require
>          SSLOptions +ExportCertData +FakeBasicAuth +StrictRequire
> +StdEnvVars
>          RequestHeader set certificat "%{SSL_CLIENT_CERT}e"
>         </Location>
>
> serveur web applicatif : apache 1.3.41
>
> le serveur reçois bien le certificat mais se plante avec l'erreur :
>
> Bad Request
>
> Your browser sent a request that this server could not understand.
>
> Request header field is missing colon separator.
>
> MIIC4DCCAkmgAwIBAgIBVzANBgkqhkiG9w0BAQQFADCBmjELMAkGA1UEBhMCRlIx

I believe %{SSL_CLIENT_CERT}e has hard line breaks in it.  Your
frontend tries to write it out to the backend, but the 2nd line of the
cert looks like a new header to the backend (headers are separated by
newlines).


-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org