https://bz.apache.org/bugzilla/show_bug.cgi?id=60695
Eric Covener <cove...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #5 from Eric Covener <cove...@gmail.com> ---
(In reply to Gunnar Lukas from comment #4)
> Hi,
>
> found out that commenting out the snipplet
>
> if (crlf && (last_char <= *s || last_char[-1] != APR_ASCII_CR)) {
> *last_char = '\0';
> bytes_handled = last_char - *s;
> *read = bytes_handled;
> return APR_EINVAL;
> }
>
> which went into protocol.c with revision 1772678 does help to make it work
> for me with ssl again. This turns the request to error code 400 while the
> request is a valid one. Is it possible, that there is now a difference
> between using "openssl s_client" and telnet while talking to apache?
A security fix rejects non CR LF line endings.
status-line = HTTP-version SP status-code SP reason-phrase CRLF
It's not a valid request when typed into s_client because the line ending is
not CRLF.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org
