DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=43711>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43711 ------- Additional Comments From [EMAIL PROTECTED] 2007-10-29 17:49 ------- Results of testing this using the trunk version of the source code + the patch. A 401 was returned instead of the 100 continue, so that is good. But when the PUT request with the auth header was sent by the client on that connection, the server's state seemed to be all wrong. Looking at the hex dump of the 401 response returned by the server, it looks like the last chunk of the response (the 401 response has Transfer-encoding = chunked) with 0 length and the CRLF was not sent by the server so the 401 response sent by the server is actually incomplete. Test 1 - PUT request for resource that requires authentication - Result is NOT OK ===> sending the request with out the Auth header PUT /secret/test.html HTTP/1.1 Host: 10.10.10.1:8080 Expect: 100-continue Date: Mon, 15 Oct 2007 20:05:24 GMT Connection: Keep-Alive Content-Length: 49 Content-Type: application/octet-stream HTTP/1.1 401 Authorization Required Date: Tue, 30 Oct 2007 00:04:18 GMT Server: Apache/2.3.0-dev (Unix) WWW-Authenticate: Basic realm="secret_access" Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 192 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Authorization Required</title> </head><body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html> ===> NOTE - the 0 length chunk was not sent. ===> sending the request WITH the auth header PUT /secret/test.html HTTP/1.1 Host: 10.10.10.1:8080 Authorization: Basic dGVzdDp0ZXN0 Date: Mon, 15 Oct 2007 22:22:24 GMT Connection: Keep-Alive Content-Length: 49 Content-Type: application/octet-stream0 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>501 Method Not Implemented</title> </head><body> <h1>Method Not Implemented</h1> <p>8080 to /index.html not supported.<br /> ===> the server thinks the new request method is 8080 - the characters halfway through the Host header in the request. </p> </body></html> Connection closed by foreign host. Looks like even though a 401 was sent out, the server is in some weird state. If the client sends two CRs at this point this results in the server sending back a 0 length chunk. Trying a GET request on this server confirmed that this server does send a correct and complete 401 in the case of GET as shown below. GET /secret/test.html HTTP/1.1 Host: 1.1.1.1 HTTP/1.1 401 Authorization Required Date: Tue, 30 Oct 2007 00:44:15 GMT Server: Apache/2.3.0-dev (Unix) WWW-Authenticate: Basic realm="secret_access" Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 192 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Authorization Required</title> </head><body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html> 0 Connection closed by foreign host. Test 2 - PUT request for resource that does not required authentication - OK. Same as before patch. PUT /test.html HTTP/1.1 Host: 10.10.10.1:8888 Expect: 100-continue Date: Mon, 15 Oct 2007 22:22:24 GMT Connection: Keep-Alive Content-Length: 49 Content-Type: application/octet-stream HTTP/1.1 100 Continue <html><body><h1>Secret works!</h1></body></html> HTTP/1.1 204 No Content Date: Mon, 29 Oct 2007 21:31:13 GMT Server: Apache/2.3.0-dev (Unix) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
