weird problem in forms in SSL

Thu, 25 May 2000 04:00:29 -0700 


Our configuration:
> RH 5.2 Intel
> JServ 1.1.1b
> JDK 1.2.2 RC4 Blackdown
> mod_ssl-2.6.4-1.3.12
> openssl-0.9.5a
> apache_1.3.12

Hi,

I previously submitted a problem I was having with Apache and SSL and
JServ. Basically a servlet which generated various pages for a site at
one point goes from http to https (secure pages). However, for one of the
forms (that the servlet sent to itself) this failed, with the server
complaining about the browser sending back http when it should have
been sending back https. Well, I have tracked this down. It is very
disturbing. Basically, a single character is all it took to screw
things up. 

Take a look at these 2 pages:

http://orca.cisti.nrc.ca:4077/~gnewton/ok.html

http://orca.cisti.nrc.ca:4077/~gnewton/broken.html


Go to the ok.html page. Click on the submit button. The this should
bring you to a page with a white background which says "If you are
here, you did something wrong..." (this is GOOD). Note the URL of this
page:  https://fin.cisti.nrc.ca:443/rpppv/RPViewDoc 

Now try the "broken.html" page. Click on submit. I get a popup
complaining that the web server is not happy because my browser is
sending http instead of https. I am using NS4.6 on RH5.2. I have the
same behaviour with IE4 IE5 on NT (don't ask me versions: i'm a Linux
guy). 

This is the difference between the two html pages:

ok.html:
        <input value="HandlePPVForm" type="HIDDEN" name="handler_">

broken.html:
        <input value="HandlePPVForm" type="HIDDEN" name="_handler_">

The single leading underscore character in the  'name="_handler_"'
breaks everything!!! This should not be happening!!! The content of my 
html, exception for the contents of an anchor URL or an acion URL
should be the only thing which effects if SSL should be happening.

Can someone explain to me what the hell is going on?


thanks, and java + apache + servlets + ssl still rule  ;-)


-glen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to