httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 60695] httpd throws error 400 "malformed request line" if mod_ssl enabled and connecting with openssl s_client on a linux terminal
Date Mon, 06 Feb 2017 18:58:32 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=60695

Eric Covener <covener@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED

--- Comment #5 from Eric Covener <covener@gmail.com> ---
(In reply to Gunnar Lukas from comment #4)
> Hi,
> 
> found out that commenting out the snipplet
> 
>     if (crlf && (last_char <= *s || last_char[-1] != APR_ASCII_CR)) {
>         *last_char = '\0';
>         bytes_handled = last_char - *s;
>         *read = bytes_handled;
>         return APR_EINVAL;
>     }
> 
> which went into protocol.c with revision 1772678 does help to make it work
> for me with ssl again. This turns the request to error code 400 while the
> request is a valid one. Is it possible, that there is now a difference
> between using "openssl s_client" and telnet while talking to apache?

A security fix rejects non CR LF line endings.

     status-line = HTTP-version SP status-code SP reason-phrase CRLF

It's not a valid request when typed into s_client because the line ending is
not CRLF.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message