You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Markus Schönhaber <ma...@schoenhaber.de> on 2005/07/25 14:16:12 UTC

Tomcat 5.5.10: APR-SSL generates wrong 302 response

Hello!

I've configured Tomcat 5.5.10 to use APR. The HTTP-Connector listens on port 
80, the HTTPS-Connector listens on port 443. A request for 
https://www/tomcat-docs
generates the following response:
 
GET /tomcat-docs HTTP/1.1 
Host: www 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.8b4) Gecko/20050721 
Firefox/1.0+ 
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 
Accept-Encoding: gzip,deflate 
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 
Keep-Alive: 300 
Connection: keep-alive 
 
HTTP/1.x 302 Moved Temporarily 
Server: Apache-Coyote/1.1 
Location: https://www:80/tomcat-docs/ 
Transfer-Encoding: chunked 
Date: Mon, 25 Jul 2005 11:57:39 GMT 

Obviously this doesn't work since since the redirection response tells the 
browser to connect to the HTTP port using HTTPS.
This problem does *not* occur if:
- The request is for https://www/tomcat-docs/ (no surprise since no redirect 
response is generated in this case).
- The HTTPS-Connector is configured to listen on port 8443 (or propably any 
other non-standard HTTPS-port - but I haven't tried).
- APR isn't used at all.

BTW: tomcat-docs is just an example. With other web-apps thre's the same 
problem.

Regards
  mks

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Tomcat 5.5.10: APR-SSL generates wrong 302 response

Posted by Markus Schönhaber <ma...@schoenhaber.de>.

Am Montag, 25. Juli 2005 17:39 schrieb Remy Maucherat:
>
> There's indeed a cut & paste error (the default ports for HTTP and
> HTTPS are inverted), so you need to add an extra '!':
>
>   Index: Http11AprProcessor.java
>   ===================================================================
>   RCS file:
> /home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http1
>1/Http11AprProcessor.java,v retrieving revision 1.25
>   retrieving revision 1.26
>   diff -u -r1.25 -r1.26
>   --- Http11AprProcessor.java	13 Jul 2005 13:03:51 -0000	1.25
>   +++ Http11AprProcessor.java	25 Jul 2005 15:32:48 -0000	1.26
>   @@ -1422,8 +1422,8 @@
>            }
>
>            if (colonPos < 0) {
>   -            if (ssl) {
>   -                // 80 - Default HTTTP port
>   +            if (!ssl) {
>   +                // 80 - Default HTTP port
>                    request.setServerPort(80);
>                } else {
>                    // 443 - Default HTTPS port
>
>
> Using proxyPort="443" should be a decent workaround.

Great! Thanks for the quick response.

Regards
  mks

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Tomcat 5.5.10: APR-SSL generates wrong 302 response

Posted by Remy Maucherat <re...@gmail.com>.

On 7/25/05, Markus Schönhaber <ma...@schoenhaber.de> wrote:
> Hello!
> 
> I've configured Tomcat 5.5.10 to use APR. The HTTP-Connector listens on port
> 80, the HTTPS-Connector listens on port 443. A request for
> https://www/tomcat-docs
> generates the following response:
> 
> GET /tomcat-docs HTTP/1.1
> Host: www
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.8b4) Gecko/20050721
> Firefox/1.0+
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> 
> HTTP/1.x 302 Moved Temporarily
> Server: Apache-Coyote/1.1
> Location: https://www:80/tomcat-docs/
> Transfer-Encoding: chunked
> Date: Mon, 25 Jul 2005 11:57:39 GMT
> 
> Obviously this doesn't work since since the redirection response tells the
> browser to connect to the HTTP port using HTTPS.
> This problem does *not* occur if:
> - The request is for https://www/tomcat-docs/ (no surprise since no redirect
> response is generated in this case).
> - The HTTPS-Connector is configured to listen on port 8443 (or propably any
> other non-standard HTTPS-port - but I haven't tried).
> - APR isn't used at all.

There's indeed a cut & paste error (the default ports for HTTP and
HTTPS are inverted), so you need to add an extra '!':

  Index: Http11AprProcessor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- Http11AprProcessor.java	13 Jul 2005 13:03:51 -0000	1.25
  +++ Http11AprProcessor.java	25 Jul 2005 15:32:48 -0000	1.26
  @@ -1422,8 +1422,8 @@
           }
   
           if (colonPos < 0) {
  -            if (ssl) {
  -                // 80 - Default HTTTP port
  +            if (!ssl) {
  +                // 80 - Default HTTP port
                   request.setServerPort(80);
               } else {
                   // 443 - Default HTTPS port


Using proxyPort="443" should be a decent workaround.

-- 
xxxxxxxxxxxxxxxxxxxxxxxxx
Rémy Maucherat
Developer & Consultant
JBoss Group (Europe) SàRL
xxxxxxxxxxxxxxxxxxxxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org