http://issues.apache.org/bugzilla/show_bug.cgi?id=29744

connect method don't work on ssl sockets

------- Additional Comments From [EMAIL PROTECTED] 2004-07-09 19:44 -------

I have this problem also, let me explain a little bit further.

I have configured apache/mod_proxy to allow CONNECT requests to port 25 (and I have an http server on port 80 and an https server on port 443).

On port 80 there is no problem:

---- transcript ----
> telnet <server> 80
Trying 192.168.2.2...
Connected to server.
Escape character is '^]'.
CONNECT localhost:25 HTTP/1.0

HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.0.49 (Gentoo/Linux) mod_ssl/2.0.49 OpenSSL/0.9.7d DAV/2 SVN/1.0.4

220 <server> ESMTP Postfix
----

When I do the same (using openssl s_client as ssl-aware telnet) on port 443, something interesting happens:

----
>openssl s_client -connect server:443 -debug
[SNIP]
CONNECT localhost:25 HTTP/1.0
write to 080ADC10 [080B8098] (106 bytes => 106 (0x6A))
0000 - 17 03 00 00 20 be 08 8a-42 af f3 ee 82 a3 ca f2 .... ...B.......
0010 - 49 9a 74 f1 d4 28 f1 9e-3f 47 21 32 8a 7b 3b 85 I.t..(..?G!2.{;.
0020 - e5 03 11 8e 34 17 03 00-00 40 93 02 51 1d d9 86 [EMAIL PROTECTED]
0030 - 19 a2 bd ee 51 d2 75 39-ce 2c 8e 3f 7c 0f b1 26 ....Q.u9.,.?|..&
0040 - b0 43 5b 4b 25 5e 93 3d-f4 bb 0a 23 29 d5 25 49 .C[K%^.=...#).%I
0050 - 2f 61 46 c7 84 f9 ac cd-a4 77 e6 9e 74 09 60 2f /aF......w..t.`/
0060 - f2 13 af ef f0 46 7c 61-60 e3 .....F|a`.

write to 080ADC10 [080B8098] (74 bytes => 74 (0x4A))
0000 - 17 03 00 00 20 0c 0d 67-8e 91 3e f8 ed b0 19 97 .... ..g..>.....
0010 - 57 9d 84 b0 ff d4 ed 92-cb 4f a0 48 19 9a cb 2b W........O.H...+
0020 - 0d 0e 74 f3 82 17 03 00-00 20 7c a3 fb 93 7c ef ..t...... |...|.
0030 - 90 e2 ce bd 40 21 34 b9-17 40 58 7e 0a f8 b0 1d [EMAIL PROTECTED]@X~....
0040 - ed 65 1e cd a8 9b 49 52-cf c4 .e....IR..

read from 080ADC10 [080B3888] (5 bytes => 5 (0x5))
0000 - 48 54 54 50 2f HTTP/
write to 080ADC10 [080B8098] (37 bytes => 37 (0x25))
0000 - 15 54 54 00 20 3b 18 d2-4b 20 6f 47 59 c5 84 99 .TT. ;..K oGY...
0010 - 6d d6 14 ac c7 e2 c9 03-b2 89 22 dd 4c 29 52 b7 m.........".L)R.
0020 - 14 94 34 ec 53 ..4.S
2069:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:286:
write to 080ADC10 [080B8098] (37 bytes => 37 (0x25))
0000 - 15 54 54 00 20 60 90 0f-be 91 f6 5e c7 ea 5a 14 .TT. `.....^..Z.
0010 - 93 23 97 de ac ac 00 6c-8a c6 d0 74 88 3f 96 cf .#.....l...t.?..
0020 - 46 5b 80 c9 d9 F[...
----

So the CONNECT request is sent to the server. It is received (according to ssl_request_log) and accepted (according to ssl_access_log). The ssl client bails out with an error because apache sends nonsense.

Speculation: the nonsense is "HTTP/" (as seen in the debug output above). It seems that apache/mod_proxy is bypassing the ssl encryption and is answering unencrypted. Since https is supposed to be 'http over ssl', the ssl encryption should not be bypassed and be maintained until the connection is closed.

I hope this description is helpful.
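
The 5-byte read in the debug output above can be decoded as an SSL/TLS record header to show why the client reports "wrong version number". The following is an added example, not part of the original bug comment or of Apache/OpenSSL code; the function names are hypothetical and the sample bytes are copied from the transcript.

```python
import struct

# Record content types shared by SSL 3.0 and TLS (RFC 5246, section 6.2.1).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def parse_record_header(header: bytes) -> dict:
    """Decode a 5-byte record header: type (1), version (2), length (2)."""
    if len(header) != 5:
        raise ValueError("a record header is exactly 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", header)
    printable = all(0x20 <= b < 0x7F for b in header)
    return {
        "type": CONTENT_TYPES.get(ctype, "unknown(0x%02x)" % ctype),
        "version": (major, minor),
        "length": length,
        # Record-layer versions run from 3.0 (SSL 3.0) to 3.3 (TLS 1.2).
        "valid_version": major == 3 and minor <= 3,
        "ascii": header.decode("ascii") if printable else None,
    }


def diagnose(header: bytes) -> str:
    """Classify what arrived where a record header was expected."""
    h = parse_record_header(header)
    if h["valid_version"] and not h["type"].startswith("unknown"):
        return "record"
    if h["ascii"] is not None:
        return "plaintext"   # cleartext bytes on a socket that should carry records
    return "malformed"


# Headers taken from the s_client -debug output in the comment above.
SAMPLES = {
    "client write": bytes.fromhex("1703000020"),  # application_data, SSL 3.0
    "server reply": bytes.fromhex("485454502f"),  # the bytes "HTTP/"
    "client alert": bytes.fromhex("1554540020"),  # alert sent after the error
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, diagnose(raw), parse_record_header(raw))
```

Read as a header, "HTTP/" has content type 0x48 and version bytes 54 54 ("TT"), which is not a valid record-layer version; the alert the client then writes carries the same 54 54 in its version field.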
