https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #45 from Reindl Harald ---
Thank you!
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail:
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
Graham Leggett changed:
What|Removed |Added
Resolution|--- |FIXED
Status|REOPENED
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #43 from Reindl Harald ---
i don't see much issues here because it just works all the time and with the
patch even the correct port is reported over the whole stack
> support for a facility which does not and cannot exist during
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #42 from William A. Rowe Jr. ---
I see a lot of conflated issues here.
The crux is that
1. A VirtualHost has one and only one port in httpd. This can be fixed in the
next major release with a list of possible ports and moving the
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
Rainer Jung changed:
What|Removed |Added
Resolution|FIXED |---
Status|RESOLVED
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #40 from Reindl Harald ---
is there any *technical* reason that the perfectly working
"factor-out-logic-to-determine-if-request-is-using-ssl-tls.patch" was not
included in 2.4.34?
--
You are receiving this mail because:
You are
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #39 from Eric Covener ---
(In reply to Yann Ylavic from comment #37)
> (In reply to Reindl Harald from comment #36)
> >
> > i simply don't understand why he steps in and argues back and forth with no
> >
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #38 from Reindl Harald ---
please see the first comment
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519#c1 which pretty much
explains "even if it's not the way you'd like to" from the begin
when
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #37 from Yann Ylavic ---
(In reply to Reindl Harald from comment #36)
>
> i simply don't understand why he steps in and argues back and forth with no
> intention to get it fixed but talking only about all
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #36 from Reindl Harald ---
@Yann Ylavic
> If you don't want help from the *team*
this is simply not true - it's only about the back and forth discussion of Eric
in this bugreport with no intention to get
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #35 from Eric Covener ---
(In reply to Reindl Harald from comment #32)
> @Eric Covener:
>
>
> > I think I've been more than civil to you _despite_ your name.
> > You are incapable of inoffensive,
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #34 from Yann Ylavic ---
OK, but I kind of regret to have provided this patch now.
If you don't want help from the *team*, you won't get it anymore since, as Eric
said, you don't do much by yourself either.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
Reindl Harald changed:
What|Removed |Added
Resolution|--- |FIXED
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #32 from Reindl Harald ---
@Eric Covener:
> I think I've been more than civil to you _despite_ your name.
> You are incapable of inoffensive, non-hysterical technical discussion
your whole argumentation
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #31 from Yann Ylavic ---
Created attachment 35875
--> https://bz.apache.org/bugzilla/attachment.cgi?id=35875=edit
r1829250 against 2.4.33
Commit from comment 27 which applies to 2.4.33.
--
You are
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #30 from Eric Covener ---
(In reply to Reindl Harald from comment #26)
> @Joe Orton thank you for step in
>
> @Eric Covener
>
> > Seems like 'Header edit' ought to work
>
> that would be a config which don't
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #29 from Reindl Harald ---
sorry but "but you'll probably need to adjust it for 2.4" is above my scope of
get the behavior of 2.4.33 fixed with a rpm-rebuild
+ echo 'Patch #4
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #28 from Joe Orton ---
Try
https://github.com/apache/httpd/commit/8bfdfb336ad229380adc307265c78942d859787d.patch
but you'll probably need to adjust it for 2.4
--
You are receiving this mail because:
You are
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #27 from Reindl Harald ---
@Joe Orton
https://svn.apache.org/viewvc?view=revision=1829250
do i have too less coffee or is there no option to download the patch as a file
for rpmbuild's %patch macro?
--
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #26 from Reindl Harald ---
@Joe Orton thank you for step in
@Eric Covener
> Seems like 'Header edit' ought to work
that would be a config which don't solve the problem because it would redirect
to https
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #25 from Joe Orton ---
Reindl, please try the patch from r1829250
--
You are receiving this mail because:
You are the assignee for the bug.
-
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #24 from Joe Orton ---
Possibly those two hooks should use the same logic as ssl_hook_Fixup
if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled ==
SSL_ENABLED_OPTIONAL)) && sslconn && (ssl =
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
Eric Covener changed:
What|Removed |Added
Status|NEW |NEEDINFO
---
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #22 from Reindl Harald ---
i try to explain it step by step:
* https://example.com/cms
* httpd redirects *before* any script to http://example.com/cms/
* after that 'index.php' is called the first time
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
Reindl Harald changed:
What|Removed |Added
Status|NEEDINFO|NEW
---
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
Eric Covener changed:
What|Removed |Added
Severity|critical|normal
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #19 from Luca Toscano ---
(In reply to Reindl Harald from comment #18)
>
> and *no* there is no valid reason when "HTTPS on" is correctly set within
> httpd that this rediect goes to http:// - would you
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #18 from Reindl Harald ---
> If you just wanted them to connect over TLS to port 443 you
> wouldn't bother with explicitly enabling STARTTLS
the whole point of the config is to have one instead two mostly
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #17 from Eric Covener ---
(In reply to Reindl Harald from comment #16)
> even if - how does that justify a redirect from https://exmaple.com/cms to
> http://example.com/cms/ which is a *downgrade* to unecrypted
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #16 from Reindl Harald ---
even if - how does that justify a redirect from https://exmaple.com/cms to
http://example.com/cms/ which is a *downgrade* to unecrypted instead a *uprade*
to TLS
--
You are
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #15 from Eric Covener ---
> anyways, i stell need to see any client that is using STARTTLS you are
> talking the whole time about for http - when you type
> "https://example.com/directory; there is no STARTTLS at
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #14 from Reindl Harald ---
> It works for nearly everyone else
that's just an opinion - "nearly everyone else" don't look on the details and
mostly don't figure out from where random problems are coming or
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #13 from Eric Covener ---
(In reply to Reindl Harald from comment #12)
> i doubt that "SSLengine optional" is STARTTLS, for sure not when you type
> https:// in your browser - anyways, irrelevant, the port is
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #12 from Reindl Harald ---
i doubt that "SSLengine optional" is STARTTLS, for sure not when you type
https:// in your browser - anyways, irrelevant, the port is just plain wrong
because with https:// the
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #11 from Eric Covener ---
(In reply to Reindl Harald from comment #10)
> HTTPS on
> REQUEST_SCHEME http
To recap, when you handshake with an "SSLEngine on" vhost then your request is
handled by an "SSLEngine
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
Reindl Harald changed:
What|Removed |Added
Status|NEEDINFO|NEW
---
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #9 from Reindl Harald ---
it IS worth when you have some hundrets of virtual hosts on dozens of machines
which all have php_admin_value settings for open_basedir and so on and as we do
migrate to
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #8 from Eric Covener ---
> this bug makes this impossible because server-variables like
> $_SERVER['SERVER_PORT'] giving 80 instead 443 to the script it's even not
> possible to form a full-qualified URL within
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #7 from Reindl Harald ---
practical example:
the folder /cms/ contains a "index.php" with header('Location: ../cms.php');
when you call the url with the traiing slash the relative redirect is
sent-as-is to
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #6 from Reindl Harald ---
i can remember that you need at least *one* default host with "SSLEngine On" to
make mod_ssl initialize correctly and the others than can be combined ones
[root@srv-rhsoft:~]$ cat
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #5 from Eric Covener ---
(In reply to Reindl Harald from comment #4)
> nothing special here, a lot of vhosts configured that way on Fedora 26 /
> Fedora 27 and it works also for any client as well as
>
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #4 from Reindl Harald ---
nothing special here, a lot of vhosts configured that way on Fedora 26 / Fedora
27 and it works also for any client as well as https://www.ssllabs.com/ssltest/
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
Eric Covener changed:
What|Removed |Added
Status|NEW |NEEDINFO
---
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #2 from Reindl Harald ---
can we PLEASE get this bug fixed since it's root cause has a lot of
implications
in PHP header('Location: /something.php');on a site where you already are
connected via https://
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
Reindl Harald changed:
What|Removed |Added
Severity|normal |critical
--
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
--- Comment #1 from Reindl Harald ---
my connection is for sure https:// because of the mod_rewrite and finally HSTS
phpinfo():
SERVER_PORT 80
ServerName www.rhsoft.net
SSLEngine Optional
SSLUseStapling On
46 matches
Mail list logo