On Tue, Mar 09, 1999, Axel Findling wrote:

> On Tue, 9 Mar 1999, Ralf S. Engelschall wrote:
> 
> > One more question: I'm still testing and discovered that the I/O error could
> > be perhaps some regular HTTP (e.g. "450 Method POST not allowed") error which
> > just leads to this wrong error message in Netscape. I'm not sure, but where
> > can I access your /testtool script via HTTP instead of HTTPS, Axel?
> > 
> > I've tried http://intern.lrz-muenchen.de:7080/testtool, but for this a
> > password is needed. Can you please allow me access to the stuff via HTTP, too?
> > Because I've to compare the HTTP responses under plain HTTP and HTTPS.
> 
> I've done it:
> http://intern.lrz-muenchen.de:7080/testtool
> should work!

Thanks. I've now traced both plain HTTP and HTTPS via s_client and at least
found the essential difference. As it looks, the POST response is dropped
inside Apache under HTTPS while it works fine under HTTP.

For plain HTTP I get:

| $ socket intern.lrz-muenchen.de 7080
| POST /testtool HTTP/1.0
| Connection: Keep-Alive
| User-Agent: Mozilla/4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
| Host: intern.lrz-muenchen.de:7443
| Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
| Accept-Encoding: gzip
| Accept-Language: en
| Accept-Charset: iso-8859-1,*,utf-8
| Content-type: application/x-www-form-urlencoded
| Content-length: 5
| 
| test=
| HTTP/1.1 200 OK
| Date: Tue, 09 Mar 1999 14:38:33 GMT
| Server: Apache/1.3.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.1c
| Connection: close
| Content-Type: text/html
| 
| <FORM method="POST" action="/testtool">
| <p>Input: <input name="PW">
| </FORM>
| $

For HTTPS I get:

| $ openssl s_client -connect intern.lrz-muenchen.de:7443 -state
|    :
| POST /testtool HTTP/1.0
| Connection: Keep-Alive
| User-Agent: Mozilla/4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
| Host: intern.lrz-muenchen.de:7443
| Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
| Accept-Encoding: gzip
| Accept-Language: en
| Accept-Charset: iso-8859-1,*,utf-8
| Content-type: application/x-www-form-urlencoded
| Content-length: 5
| 
| test=
| SSL3 alert read:warning:close notify
| closed
| SSL3 alert write:warning:close notify
| $

And the SSL close notify alert _before_ any HTTP response is received leads to
the I/O error in Netscape - as expected. Although Netscape also has a
"received no data" popup dialog box and I expected to see this one. At least
the "I/O error during security authentication" message is bogus.

Now my problem is: Why the hell is the response dropped inside Apache...
I'll investigate more when I find time today or tomorrow.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
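
The comparison made in the message above can be automated over captured transcripts. The following is an added example, not part of the original message or of mod_ssl: it skips the request (using Content-length) and reports whether the first thing the server sent back was an HTTP status line or an SSL close notify alert, in the format `openssl s_client -state` prints. The function names and the abridged sample traces are assumptions made for illustration.

```python
import re

REQUEST_RE = re.compile(r"^(GET|HEAD|POST) \S+ HTTP/\d\.\d$")
STATUS_RE = re.compile(r"^HTTP/\d\.\d (\d{3})\b")
ALERT_RE = re.compile(r"^SSL3 alert read:\w+:(.+)$")

def after_request(lines):
    """Index of the first line following the request body (per Content-length)."""
    start = next(i for i, l in enumerate(lines) if REQUEST_RE.match(l))
    blank = lines.index("", start)          # empty line that ends the headers
    length = 0
    for header in lines[start + 1:blank]:
        name, _, value = header.partition(":")
        if name.strip().lower() == "content-length":
            length = int(value.strip())
    i, seen = blank + 1, 0
    while i < len(lines) and seen < length:  # consume the body lines
        seen += len(lines[i])
        i += 1
    return i

def classify(transcript):
    """Say what the server sent back first: a status line or a close notify."""
    lines = [l.rstrip("\r") for l in transcript.splitlines()]
    for line in lines[after_request(lines):]:
        status = STATUS_RE.match(line)
        if status:
            return ("response", int(status.group(1)))
        alert = ALERT_RE.match(line)
        if alert and alert.group(1).strip() == "close notify":
            return ("closed_before_response", None)
    return ("no_data", None)

# Constructed samples, abridged from the two traces in the message above.
REQUEST = ("POST /testtool HTTP/1.0\n"
           "Content-type: application/x-www-form-urlencoded\n"
           "Content-length: 5\n"
           "\n"
           "test=\n")
PLAIN_TRACE = REQUEST + ("HTTP/1.1 200 OK\nConnection: close\n\n"
                         '<FORM method="POST" action="/testtool">\n')
TLS_TRACE = REQUEST + ("SSL3 alert read:warning:close notify\n"
                       "closed\n"
                       "SSL3 alert write:warning:close notify\n")

if __name__ == "__main__":
    for name, trace in (("HTTP", PLAIN_TRACE), ("HTTPS", TLS_TRACE)):
        print(name, classify(trace))
```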
