tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Bek Jensen <...@itplus.dk>
Subject servlet isSecure() patch when forwarding key_size
Date Tue, 04 Jun 2002 12:31:10 GMT
Hi all

I have been working on a setup where an Apache webserver 1.3.24 is handling an 
SSL connection with a client. The Apache server is connected to a Tomcat server 
4.0.3 installed using the .exe file. The Apache server have mod_jk (from a 
Tomcat 3.3) installed and is communicating with the Tomcat using ajp13 protocol.

By reading the source code for mod_jk I found that to be able to forward the 
SSL key length used by the client you had to set the following options in your 
httpd.conf file:

JkKEYSIZEIndicator SSL_CIPHER_USEKEYSIZE
JkOptions +ForwardKeySize

But when setting the JkOptions, Tomcat is suddenly reporting that my connection 
is no longer secure - that is the isSecure() method is false in my servlet.

Looking in the source code for jakarta-tomcat-
connectors/jk/java/org/apache/ajp/RequestHandler.java I could see that when the 
key length is forwarded the isSecure attribute is not set to true.
In the switch clause the handling for SC_A_SSL_KEY_SIZE is returning 200 
instead of just doing a break, like all the other cases and is not setting 
isSSL to true!

Attached is a patch that fixes the problem on my setup. Can this patch be used?

Brian Bek Jensen, M.Sc.
 
IT+ A/S
Brendstrupgårdsvej 7
8200 √Örhus N
Denmark
 
Phone: +45 86 78 21 00
Fax: +45 86 78 21 02
Direct: +45 87 40 08 45
Email: bbj@itplus.dk
WWW: http://www.itplus.dk
 
A member of TietoEnator Corporation - Finance sector
 
Mime
View raw message