Maarten Bosteels wrote:
Have you tried adding the SSLFilter to the filter chain of the session
_AFTER_ proxyFilter is initialised ?
Why should the SSLFilter be put after the proxy filter ? How could it
help ? IMO, the SSL handshake should occur immediately, otherwise you
will get some bad data which will traverse the proxy filter to go to the
ssl filter.
There is a big flaw in our current architecture anyway. The SSL handling
should not be done in the filter, IMO. It should be handled up front, as
we are dealing with something totally deconnected from the protocol. In
fact, data are sent to the server using a specific protocol encapsulated
into the SSL protocol.
The very same for the proxy...
As the proxyFilter is initialized through some handshake with the
client, maybe we need a proxySslFilter to combine the SSL filter and the
Proxy filter at this point.
May be I'm wrong too... But it seems to me that if there is some kind of
handshake between the server and the client to initialize the component
(Proxy or SSL), then there is a big issue somewhere with the filter chain...
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
