On Sat, Feb 03, 2001 at 08:29:11PM -0700, [EMAIL PROTECTED] wrote:
> Through a newbie misconfiguration I ended up trying to feed http protocol into the
>https code. I noted after I traced the code that it is spcifically written to trap
>the http commands. My question is that since this level of effort has been
>undertaken... why not just bounce out of the https routines and let apache handle it
>as http?
It is not job of the SSL handshake code to guess what protocol was actually
meant. There are more SSL enabled protocols, like imap, pop, ...
It is either job of the application to pre-check the bytes coming in
(possible, but takes a lot of additional effort) or job of the admin
to properly set it up. The author of the application could of course guess
this kind of mistake, so when the "wrong SSL version" message is sent, the
software could give a hint "wrong protocol version, maybe http on https port".
This is not my idea, it is the way mod_ssl handles this case.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
