httpd-dev mailing list archives

From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: Patch for bug 18757 breaks TLS upgrade - [Content-Length is removed from HEAD requests]
Date Tue, 07 Dec 2004 18:01:13 GMT
>I tested the TLS upgrade stuff last week and it failed because the
>zero-length chunk to terminate the OPTIONS response was not sent through
>the mod_ssl output filter; is that the same problem you see?

I don't think so.  I can make everything work again by simply allowing
the "Content-Length: 0" header to be sent through.  I'm not sure what
impact that header has on the rest of mod_ssl.  Obviously by removing
it, it causes mod_ssl to *not* do something it was supposed to.  My guess
is that if the zero-length chunk that terminates the OPTIONS response is
not being sent, it is probably a result of mod_ssl not seeing a
content-length header.

BTW, what are you using to test TLS Upgrade with?

Brad  


>>> jorton@redhat.com Tuesday, December 07, 2004 10:39:04 AM >>>
On Tue, Dec 07, 2004 at 10:14:28AM -0700, Brad Nicholes wrote:
>   It appears that the patch for bug 18757 which disallows a
> content-length header for all requests with a content-length of 0 is too
> broad.
...
> 
> The bug simply says that the content-length should be removed just for
> HEAD requests.  By removing it for all requests including an OPTIONS
> request, causes the SSL handshake to fail after a TLS upgrade (somebody
> with more knowledge of SSL would have to explain why).  According to the

I tested the TLS upgrade stuff last week and it failed because the
zero-length chunk to terminate the OPTIONS response was not sent through
the mod_ssl output filter; is that the same problem you see?

The problem was that r->connection->output_filters had been correctly
adjusted to use the SSL output filter but r->output_filters had not,
which looks purely like an issue in mod_ssl.

joe

> bugzilla report, this patch didn't completely resolve the issue anyway.
> I will be reverting the patch shortly unless somebody has a better fix.
> 
> Brad
