httpd-modules-dev mailing list archives

From Hardy Griech <nt...@mardys.de>
Subject mod_gnutls and mod_proxy (TLS termination)
Date Fri, 29 Apr 2011 08:27:16 GMT
Hi,

I'm trying to use mod_gnutls for TLS termination without success.

Relevant apache configuration lines inside the gnutls VirtualHost 
definition are:

     ProxyRequests     Off
     ProxyPreserveHost On
     ProxyPass         / http://127.0.0.1:81/
     ProxyPassReverse  / http://127.0.0.1:81/

The actual request does not arrive at its destination http server.

If I'm using netcat (nc.traditional -v -l -p 81 -o Logfile) as the http 
server, the following happens:

- the client (web browser) sends the request
- no data arrives at netcat
- when I'm typing something like "HTTP/1.1 200 OK\n" inside
   the netcat window, then the request appears at netcat
   but with trailing garbage (15 03 02 00 02 02).
   The garbage might be part of the actual TLS data

So there are at least two obvious problems:

- the web browser's request is not transmitted to the (netcat)
   client
- the request contains some garbage

The rest (decrypting/encrypting) seems to work.

Could anybody give me some pointers on how to debug the filter stages of 
mod_gnutls?

Thanks

Hardy


PS: gnutls_io.c is in most parts a copy of ssl_engine_io.c from
     Apache's ssl module

PPS: actual netcat conversation
 > 00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0a # HTTP/1.1 200 OK.
< 00000000 15 03 02 00 02 02 46 47 45 54 20 2f 68 61 72 64 # ......FGET /hard
< 00000010 79 2f 69 6e 66 6f 2e 63 67 69 20 48 54 54 50 2f # y/info.cgi HTTP/
< 00000020 31 2e 31 0d 0a 48 6f 73 74 3a 20 31 30 2e 31 32 # 1.1..Host: 10.12
< 00000030 36 2e 31 37 2e 31 0d 0a 55 73 65 72 2d 41 67 65 # 6.17.1..User-Age
< 00000040 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 # nt: Mozilla/5.0
< 00000050 28 57 69 6e 64 6f 77 73 20 4e 54 20 35 2e 31 3b # (Windows NT 5.1;
< 00000060 20 72 76 3a 32 2e 30 29 20 47 65 63 6b 6f 2f 32 # rv:2.0) Gecko/2
< 00000070 30 31 30 30 31 30 31 20 46 69 72 65 66 6f 78 2f # 0100101 Firefox/
< 00000080 34 2e 30 0d 0a 41 63 63 65 70 74 3a 20 74 65 78 # 4.0..Accept: tex
< 00000090 74 2f 68 74 6d 6c 2c 61 70 70 6c 69 63 61 74 69 # t/html,applicati
< 000000a0 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 2c 61 70 70 # on/xhtml+xml,app
< 000000b0 6c 69 63 61 74 69 6f 6e 2f 78 6d 6c 3b 71 3d 30 # lication/xml;q=0
< 000000c0 2e 39 2c 2a 2f 2a 3b 71 3d 30 2e 38 0d 0a 41 63 # .9,*/*;q=0.8..Ac
< 000000d0 63 65 70 74 2d 4c 61 6e 67 75 61 67 65 3a 20 65 # cept-Language: e
< 000000e0 6e 2d 75 73 2c 65 6e 3b 71 3d 30 2e 35 0d 0a 41 # n-us,en;q=0.5..A
< 000000f0 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 # ccept-Encoding:
< 00000100 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 0d 0a 41 # gzip, deflate..A
< 00000110 63 63 65 70 74 2d 43 68 61 72 73 65 74 3a 20 49 # ccept-Charset: I
< 00000120 53 4f 2d 38 38 35 39 2d 31 35 2c 75 74 66 2d 38 # SO-8859-15,utf-8
< 00000130 3b 71 3d 30 2e 37 2c 2a 3b 71 3d 30 2e 37 0d 0a # ;q=0.7,*;q=0.7..
< 00000140 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d # Cache-Control: m
< 00000150 61 78 2d 61 67 65 3d 30 0d 0a 58 2d 46 6f 72 77 # ax-age=0..X-Forw
< 00000160 61 72 64 65 64 2d 46 6f 72 3a 20 31 30 2e 31 32 # arded-For: 10.12
< 00000170 36 2e 31 36 2e 31 30 36 0d 0a 58 2d 46 6f 72 77 # 6.16.106..X-Forw
< 00000180 61 72 64 65 64 2d 48 6f 73 74 3a 20 31 30 2e 31 # arded-Host: 10.1
< 00000190 32 36 2e 31 37 2e 31 0d 0a 58 2d 46 6f 72 77 61 # 26.17.1..X-Forwa
< 000001a0 72 64 65 64 2d 53 65 72 76 65 72 3a 20 73 74 63 # rded-Server: stc
< 000001b0 68 70 73 35 36 39 2d 64 65 62 69 61 6e 2e 73 74 # hps569-debian.st
< 000001c0 63 68 2e 65 6e 64 72 65 73 73 2e 63 6f 6d 0d 0a # ch.endress.com..
< 000001d0 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 # Connection: Keep
< 000001e0 2d 41 6c 69 76 65 0d 0a 0d 0a # -Alive....
 > 00000010 53 70 69 65 6c 20 75 6e 64 20 53 70 61 73 73 0a # Spiel und Spass.
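As an added example (not from the post and not mod_gnutls code), a small Python decoder for the bytes that precede the request in the capture above. Read as a TLS record, 15 03 02 00 02 02 46 is content type 21 (alert), version 3.2 (TLS 1.1) and a two-byte payload of level 2 (fatal), description 70 (protocol_version), which is why the ASCII column shows an "F" in front of "GET". A TLS alert record written onto the plaintext backend connection is consistent with the filter-stage problem the poster suspects; the script separates such records from the HTTP bytes the backend should have received.

```python
# Added example (not part of the original post): decode a TLS record that
# leaked in front of plaintext HTTP, as in the netcat capture above.
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {  # subset of the RFC 5246 AlertDescription values
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 47: "illegal_parameter", 70: "protocol_version",
    80: "internal_error",
}


def parse_tls_record(buf):
    """Parse one TLS record at the start of buf.

    Returns (record, rest), or None when buf does not start with a complete,
    well-formed record (unknown content type, non-3.x version, short payload).
    """
    if len(buf) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", buf[:5])
    if ctype not in CONTENT_TYPES or major != 3 or len(buf) < 5 + length:
        return None
    payload = buf[5:5 + length]
    record = {"type": CONTENT_TYPES[ctype],
              "version": VERSIONS.get((major, minor), "unknown 3.%d" % minor),
              "length": length}
    if ctype == 21 and length == 2:  # alert body: level byte + description byte
        record["alert"] = (ALERT_LEVELS.get(payload[0], payload[0]),
                           ALERT_DESCRIPTIONS.get(payload[1], payload[1]))
    return record, buf[5 + length:]


def split_leaked_stream(buf):
    """Peel leading TLS records off a stream that should have been plain HTTP.

    Returns (records, remainder); the remainder is the HTTP the backend expected.
    """
    records = []
    while True:
        parsed = parse_tls_record(buf)
        if parsed is None:
            return records, buf
        record, buf = parsed
        records.append(record)


# Constructed from the first "<" line of the dump: the "garbage" plus the request start.
LEAKED = bytes.fromhex("15 03 02 00 02 02 46 47 45 54 20 2f 68 61 72 64"
                       "79 2f 69 6e 66 6f 2e 63 67 69 20 48 54 54 50 2f 31 2e 31 0d 0a")

if __name__ == "__main__":
    print(split_leaked_stream(LEAKED))
```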
