DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41231>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41231 Summary: SSL: using connection: upgrade leaves plaintext from PHP in reply Product: Apache httpd-2 Version: 2.2.3 Platform: PC OS/Version: Linux Status: UNCONFIRMED Keywords: TryAgain Severity: major Priority: P3 Component: mod_ssl AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] I'm issuing a request: GET /index.php HTTP/1.1 Host: localhost Upgrade: TLS/1.0 Connection: upgrade And my client crashes because it can't parse the plaintext given back by index.php (which contains <?php for ($i = 0; $i < 10; $i++) echo "foobar"; ?>). In strace it's clearly visible: [pid 16349] recv(8, "\24\3\1\0\1\1\26\3\1\0000f\212W\335\273\16L\352\357\3054\32\204\311\376 \264a4l\3670\17\303e\224\202\370!\361\271\311\320\360\356\210ZN\255w\314 ~\351\377=}\250irfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar", 2048, 0) = 119 If an OPTION * HTTP/1.1-request is sent before, it correctly switches and processes the next request. You can reproduce it by using tlsupgrade.c: Get http://people.apache.org/~bnicholes/tlsupgrade/tlsupgrade.c Compile it with gcc -lssl -o tlsupgrade tlsupgrade.c Run it using: strace -s 2048 ./tlsupgrade http://localhost/index.php SSLEngine needs to be set to optional for the vhost (on port 80). -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
