tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Rumney <jrum...@att.com>
Subject Re: Tomcat 3.1 + HTTPS + redirects
Date Mon, 07 Aug 2000 11:14:48 GMT
Amos Shapira <amos.shapira@webcollage.com> writes:

> Hmm,
> 
> First, it sounds possibly like a bug since the description of
> javax.servlet.ServletRequest.getScheme() specifically lists "http" and
> "https" as examples of possible return values.
> 
> Another way, not as clean as the originally proposed solution (which I
> understand not to help), but maybe you can get the scheme and
> add an "s" to it according to the return value of
> javax.servlet.ServletRequest.isSecure()?

request.isSecure() returns false (which is probably connected to
getScheme() returning "http").  Ajp12ConnectionHandler.java does not
appear to set a secure flag, or the scheme, so unless code elsewhere is
parsing the request line and headers it appears that getScheme() will
not work in Tomcat 3.1.


> Also, are you 100% sure that https was actually used and not dropped
> due to some certificate problems and such?

I would be very surprised, and worried, if mod_ssl does such things
silently behind the back of both user and server administrator.
Certainly the logs indicate that "SSLv3 RC4-MD5" was used for the
previous POST (which the redirect is being sent in response to).



-- 
Jason Rumney <jrumney@att.com>
AT&T Labs (Redditch, UK)


Mime
View raw message