Re: [Mongrel] Mongrel HTTP Header Problem

[Michael Parkin]

Hi Zed,

Thanks for the reply. I'm new to Ruby, Mongrel, Rails, etc. So please
bear with me...

On 10/12/06, Zed A. Shaw <[EMAIL PROTECTED]> wrote:

> You have some need to send the client's certificate in a bizarre header?  Ok, 
> before I go about answer your question you should probably explain what it is 
> you're trying to do with this.  There might be a simpler way.

Actually, no - I don't have any use for this header that Pound sends
Mongrel. But, AFAIK there's no way to remove it from the headers Pound
sends (ok, I could go in an hack Pound's source, but I want to have
standard code on my boxes...)

> If you work up a test case that demonstrates it (preferably a patch to the 
> mongrel tests) then I can fix it up.

ok, as I've said I'm new to Ruby and I'm using developing this
application as a way to learn. This may take some time!

> One thing you didn't do is give me information from the mongrel.log.  There 
> should have been BAD CLIENT information in there.

There's nothing in mongrel.log apart from the standard startup blurb. I.e:

** Daemonized, any open files are closed.  Look at log/mongrel.pid and
log/mongrel.log for info.
** Starting Mongrel listening at 127.0.0.1:3000
...
** Writing PID file to log/mongrel.pid

> You also didn't turn on USR1 logging so that Mongrel dumps the whole request 
> that caused BAD CLIENT errors.  If you do send in a test case then include 
> this information too.

Thanks for the USR1 tip: when I turn on USR1 I get the output at the
bottom of the email. Is it the \r\n\t's in the "X-SSL-certificate"
header that's the problem here?

Thanks again,

Michael.

** USR1 received, toggling $mongrel_debug_client to true
Thu Oct 12 11:04:48 +0100 2006: BAD CLIENT (127.0.0.1): Invalid HTTP
format, parsing fails.
Thu Oct 12 11:04:48 +0100 2006: REQUEST DATA: "GET /
HTTP/1.1\r\nUser-Agent: curl/7.13.1 (powerpc-apple-darwin8.0)
libcurl/7.13.1 OpenSSL/0.9.7i zlib/1.2.3\r\nHost:
127.0.0.1:3001\r\nPragma: no-cache\r\nAccept:
*/*\r\nX-Forwarded-Proto: https\r\nX-SSL-Subject:         C = xx, O =
xx, OU = xx, L = xx, CN = michael parkin\r\nX-SSL-Issuer:         C =
UK, O = eScience, OU = Authority, CN = CA, emailAddress =
[EMAIL PROTECTED]: Jun 19 12:10:30
2006 GMT\r\nX-SSL-notAfter: Jun 19 12:10:30 2007 GMT\r\nX-SSL-serial:
8061\r\nX-SSL-certificate: -----BEGIN
CERTIFICATE-----\r\n\tMIIFbTCCBFWgAwIBAgICH4cwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UEBhMCVUsx\r\n\tETAPBgNVBAoTCGVTY2llbmNlMRIwEAYDVQQLEwlBdXRob3JpdHkxCzAJBgNVBAMT\r\n\tAkNBMS0wKwYJKoZIhvcNAQkBFh5jYS1vcGVyYXRvckBncmlkLXN1cHBvcnQuYWMu\r\n\tdWswHhcNMDYwNzI3MTQxMzI4WhcNMDcwNzI3MTQxMzI4WjBbMQswCQYDVQQGEwJV\r\n\tSzERMA8GA1UEChMIZVNjaWVuY2UxEzARBgNVBAsTCk1hbmNoZXN0ZXIxCzAJBgNV\r\n\tBAcTmrsogriqMWLAk1DMRcwFQYDVQQDEw5taWNoYWVsIHBhcmQYJKoZIhvcNAQEB\r\n\tBQADggEPADCCAQoCggEBANPEQBgl1IaKdSS1TbhF3hEXSl72G9J+WC/1R64fAcEF\r\n\tW51rEyFYiIeZGx/BVzwXbeBoNUK41OK65sxGuflMo5gLflbwJtHBRIEKAfVVp3YR\r\n\tgW7cMA/s/XKgL1GEC7rQw8lIZT8RApukCGqOVHSi/F1SiFlPDxuDfmdiNzL31+sL\r\n\t0iwHDdNkGjy5pyBSB8Y79dsSJtCW/iaLB0/n8Sj7HgvvZJ7x0fr+RQjYOUUfrePP\r\n\tu2MSpFyf+9BbC/aXgaZuiCvSR+8Snv3xApQY+fULK/xY8h8Ua51iXoQ5jrgu2SqR\r\n\twgA7BUi3G8LFzMBl8FRCDYGUDy7M6QaHXx1ZWIPWNKsCAwEAAaOCAiQwggIgMAwG\r\n\tA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMA4GA1UdDwEB/wQEAwID6DAs\r\n\tBglghkgBhvhCAQ0EHxYdVUsgZS1TY2llbmNlIFVzZXIgQ2VydGlmaWNhdG
 
UwHQYD\r\n\tVR0OBBYEFDTt/sf9PeMaZDHkUIldrDYMNTBZMIGaBgNVHSMEgZIwgY+AFAI4qxGj\r\n\tloCLDdMVKwiljjDastqooXSkcjBwMQswCQYDVQQGEwJVSzERMA8GA1UEChMIZVNj\r\n\taWVuY2UxEjAQBgNVBAsTCUF1dGhvcml0eTELMAkGA1UEAxMCQ0ExLTArBgkqhkiG\r\n\t9w0BCQEWHmNhLW9wZXJhdG9yQGdyaWQtc3VwcG9ydC5hYy51a4IBADApBgNVHRIE\r\n\tIjAggR5jYS1vcGVyYXRvckBncmlkLXN1cHBvcnQuYWMudWswGQYDVR0gBBIwEDAO\r\n\tBgwrBgEEAdkvAQEBAQYwPQYJYIZIAYb4QgEEBDAWLmh0dHA6Ly9jYS5ncmlkLXN1\r\n\tcHBvcnQuYWMudmT4sopwqlBWsvcHViL2NybC9jYWNybC5jcmwwPQYJYIZIAYb4QgEDBDAWLmh0\r\n\tdHA6Ly9jYS5ncmlkLXN1cHBvcnQuYWMudWsvcHViL2NybC9jYWNybC5jcmwwPwYD\r\n\tVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NhLmdyaWQt5hYy51ay9wdWIv\r\n\tY3JsL2NhY3JsLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAS/U4iiooBENGW/Hwmmd3\r\n\tXCy6Zrt08YjKCzGNjorT98g8uGsqYjSxv/hmi0qlnlHs+k/3Iobc3LjS5AMYr5L8\r\n\tUO7OSkgFFlLHQyC9JzPfmLCAugvzEbyv4Olnsr8hbxF1MbKZoQxUZtMVu29wjfXk\r\n\thTeApBv7eaKCWpSp7MCbvgzm74izKhu3vlDk9w6qVrxePfGgpKPqfHiOoGhFnbTK\r\n\twTC6o2xq5y0qZ03JonF7OJspEd3I5zKY3E+ov7/ZhW6DqT8UFvsAdjvQbXyhV8Eu\r\
 
n\tYhixw1aKEPzNjNowuIseVogKOLXxWI5vAi5HgXdS0/ES5gDGsABo4fqovUKlgop3\r\n\tRA==\r\n\t-----END
CERTIFICATE-----\r\nX-SSL-cipher: AES256-SHA              SSLv3 Kx=RSA
     Au=RSA  Enc=AES(256)  Mac=SHA1\r\nX-Forwarded-For:
xxx.xxx.xxx.xxx\r\n\r\n"
---
PARAMS: {"HTTP_X_SSL_NOTBEFORE"=>"Jun 19 12:10:30 2006 GMT",
"HTTP_USER_AGENT"=>"curl/7.13.1 (powerpc-apple-darwin8.0)
libcurl/7.13.1 OpenSSL/0.9.7i zlib/1.2.3",
"HTTP_HOST"=>"127.0.0.1:3001", "HTTP_X_SSL_ISSUER"=>"C = UK, O =
eScience, OU = Authority, CN = CA, emailAddress =
[EMAIL PROTECTED]", "REQUEST_PATH"=>"/",
"HTTP_VERSION"=>"HTTP/1.1", "HTTP_X_SSL_CERTIFICATE"=>"-----BEGIN
CERTIFICATE-----", "REQUEST_URI"=>"/", "HTTP_X_SSL_NOTAFTER"=>"Jun 19
12:10:30 2007 GMT", "HTTP_X_FORWARDED_PROTO"=>"https",
"HTTP_PRAGMA"=>"no-cache", "HTTP_X_SSL_SERIAL"=>"8071",
"HTTP_X_SSL_SUBJECT"=>"C = xx, O = xx, OU = xx, L = xx, CN = michael
parkin", "HTTP_ACCEPT"=>"*/*", "REQUEST_METHOD"=>"GET"}
_______________________________________________
Mongrel-users mailing list
Mongrel-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-users