Hi all

I have been working on a setup where an Apache webserver 1.3.24 is handling an 
SSL connection with a client. The Apache server is connected to a Tomcat server 
4.0.3 installed using the .exe file. The Apache server has mod_jk (from a 
Tomcat 3.3) installed and is communicating with the Tomcat using ajp13 protocol.

By reading the source code for mod_jk I found that to be able to forward the 
SSL key length used by the client you had to set the following options in your 
httpd.conf file:

JkKEYSIZEIndicator SSL_CIPHER_USEKEYSIZE
JkOptions +ForwardKeySize

But when setting the JkOptions, Tomcat is suddenly reporting that my connection 
is no longer secure - that is, the isSecure() method is false in my servlet.

Looking in the source code for 
jakarta-tomcat-connectors/jk/java/org/apache/ajp/RequestHandler.java I could 
see that when the key length is forwarded the isSecure attribute is not set to 
true.
In the switch clause the handling for SC_A_SSL_KEY_SIZE is returning 200 
instead of just doing a break, like all the other cases and is not setting 
isSSL to true!

Attached is a patch that fixes the problem on my setup. Can this patch be used?

Brian Bek Jensen, M.Sc.
 
IT+ A/S
Brendstrupgårdsvej 7
8200 Århus N
Denmark
 
Phone: +45 86 78 21 00
Fax: +45 86 78 21 02
Direct: +45 87 40 08 45
Email: [EMAIL PROTECTED]
WWW: http://www.itplus.dk
 
A member of TietoEnator Corporation - Finance sector
 
Index: RequestHandler.java
===================================================================
RCS file: 
/home/cvspublic/jakarta-tomcat-connectors/jk/java/org/apache/ajp/RequestHandler.java,v
retrieving revision 1.13
diff -u -r1.13 RequestHandler.java
--- RequestHandler.java 29 May 2002 21:51:22 -0000      1.13
+++ RequestHandler.java 4 Jun 2002 12:15:37 -0000
@@ -397,9 +397,10 @@
                 break;
 
            case SC_A_SSL_KEY_SIZE: // Ajp13 !
+                isSSL = true;
                req.setAttribute("javax.servlet.request.key_size",
                                 Integer.toString(msg.getInt()));
-               return 200;
+                break;
            default:
                 // Ignore. Assume a single-string value - we shouldn't
                 // allow anything else.
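
Review bot: in the SC_A_SSL_KEY_SIZE case the value is still stored as a String through Integer.toString(msg.getInt()), while the Servlet specification defines javax.servlet.request.key_size as a java.lang.Integer; since this case is being touched anyway, consider storing new Integer(msg.getInt()) so servlets that cast the attribute to Integer keep working. Replacing "return 200" with "break" is the right direction, because the early return leaves the method before anything after the switch runs. The new "isSSL = true;" line would benefit from a one-line comment saying that a forwarded key size is being treated as proof that the front-end connection was SSL, since isSecure() now depends on it. The two added lines are also indented one column deeper than the unchanged lines around them.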