Re: Tomcat 5.5.10: APR-SSL generates wrong 302 response

Mon, 25 Jul 2005 08:39:13 -0700 

On 7/25/05, Markus Schönhaber <[EMAIL PROTECTED]> wrote:
> Hello!
> 
> I've configured Tomcat 5.5.10 to use APR. The HTTP-Connector listens on port
> 80, the HTTPS-Connector listens on port 443. A request for
> https://www/tomcat-docs
> generates the following response:
> 
> GET /tomcat-docs HTTP/1.1
> Host: www
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.8b4) Gecko/20050721
> Firefox/1.0+
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> 
> HTTP/1.x 302 Moved Temporarily
> Server: Apache-Coyote/1.1
> Location: https://www:80/tomcat-docs/
> Transfer-Encoding: chunked
> Date: Mon, 25 Jul 2005 11:57:39 GMT
> 
> Obviously this doesn't work since since the redirection response tells the
> browser to connect to the HTTP port using HTTPS.
> This problem does *not* occur if:
> - The request is for https://www/tomcat-docs/ (no surprise since no redirect
> response is generated in this case).
> - The HTTPS-Connector is configured to listen on port 8443 (or propably any
> other non-standard HTTPS-port - but I haven't tried).
> - APR isn't used at all.

There's indeed a cut & paste error (the default ports for HTTP and
HTTPS are inverted), so you need to add an extra '!':

  Index: Http11AprProcessor.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- Http11AprProcessor.java   13 Jul 2005 13:03:51 -0000      1.25
  +++ Http11AprProcessor.java   25 Jul 2005 15:32:48 -0000      1.26
  @@ -1422,8 +1422,8 @@
           }
   
           if (colonPos < 0) {
  -            if (ssl) {
  -                // 80 - Default HTTTP port
  +            if (!ssl) {
  +                // 80 - Default HTTP port
                   request.setServerPort(80);
               } else {
                   // 443 - Default HTTPS port


Using proxyPort="443" should be a decent workaround.

-- 
xxxxxxxxxxxxxxxxxxxxxxxxx
Rémy Maucherat
Developer & Consultant
JBoss Group (Europe) SàRL
xxxxxxxxxxxxxxxxxxxxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to