Hi,
Our configuration:
> RH 5.2 Intel
> JServ 1.1.1b
> JDK 1.2.2 RC4 Blackdown
> mod_ssl-2.6.4-1.3.12
> openssl-0.9.5a
> apache_1.3.12
I am working on a servlet-based interface for the access of the
Research Press Journals (http://www.nrc.ca/cisti/journals) of the
National Research Council Canada (for those asking about production sites
using jserv, mod_ssl, openssl, ours is one...).
I am running into a problem: the servlet manages access to the
journal articles (IP and domain site licensing, personal
subscriptions, and credit card sales "Pay-Per-View"). If your IP is
covered by an IP or domain site license (checked by the servlet by
chacking in an LDAP - OpenLDAP), then the servlet gets the PDF for the
article and sends it to your browser. If it does not, then it presents
a web page showing one form for subscribers (top half) where they can
put in their userid/password to the article; or, for users who do not
fall in to the above categories, a button which takes you to a form
which allows you to buy that particular article with you credit card.
Now, clearly the credit card form and its subsequent processing should
occur in an SSL environment. So, the button from the first page is as
follows:
<form action="https://fin.cisti.nrc.ca:443/rpppv/RPViewDoc"
accept-charset="ISO-8859-1"
enctype="application/x-www-form-urlencoded" method="POST">
This will prompt you to accept the certificate (we are our own
signing authority) and then presents you with the form to fill in your
credit card info. This form has the following form:
<form action="https://fin.cisti.nrc.ca:443/rpppv/RPViewDoc"
accept-charset="ISO-8859-1"
enctype="application/x-www-form-urlencoded" method="POST">
However, when this form is submitted, Apache is not happy and
redirects you to an insecure page saying:
> Bad Request
>
> Your browser sent a request that this server could not understand.
>
> Reason: You're speaking plain HTTP to an SSL-enabled server port.
> Instead use the HTTPS scheme to access this URL, please.
>
> Hint: https://fin.cisti.nrc.ca:443/
>
>
> Apache/1.3.12 Server at fin.cisti.nrc.ca Port 443
>
My access.log:
> orca.cisti.nrc.ca - - [17/May/2000:18:11:03 -0400] "GET
> /mod_ssl:error:HTTP-request HTTP/1.0" 400 535
My error.log
> [Thu May 18 06:52:18 2000] [error] mod_ssl: SSL handshake failed: HTTP spoken on
>HTTPS port; trying to send HTML error page (OpenSSL library error follows)
But my form post did have the right URL!!! Can anyone tell me what is
happening? If you want to try this out, just go to:
http://fin.cisti.nrc.ca/rpppv/RPViewDoc?_handler_=HandleInitialGet&journal=cjp&volume=78&articleFile=p99-076.pdf
Make sure you click on the button on the bottom of the first page, and
then submit the form you get (asking you for credit card
information...)
If you can tell me what is going wrong, I would really appreciate
it...
Oh and BTW, I have tried a variety of things:
1 - made the second FORM url relative
2 - made the second FORM WITHOUT the ':443'
If you can tell me what is going wrong, I would really appreciate
it...
thanks,
glen
PS. Here is a portion of my httpd.conf (pretty vanilla)...:
> # Port: The port to which the standalone server listens. For
> # ports < 1023, you will need httpd to be run as root initially.
> #
> Port 80
>
> ##
> ## SSL Support
> ##
> ## When we also provide SSL we have to listen to the
> ## standard HTTP port (see above) and to the HTTPS port
> ##
> <IfDefine SSL>
> Listen 80
> Listen 443
> </IfDefine>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
