Hi there,
we use apache and mod_ssl to proxy http requests to a https site.
While this works fine for http GET we use POST to the https site and
this is what goes wrong:
[29/Aug/2000 16:14:20 02895] [info] Init: Reinitializing OpenSSL
library
[29/Aug/2000 16:14:20 02895] [trace] Inter-Process Session Cache (DBM)
Expiry: old: 0, new: 0, removed: 0
[29/Aug/2000 16:14:20 02895] [info] Init: Seeding PRNG with 136 bytes
of entropy
[29/Aug/2000 16:14:20 02895] [info] Init: Configuring temporary RSA
private keys (512/1024 bits)
[29/Aug/2000 16:14:20 02895] [info] Init: Configuring temporary DH
parameters (512/1024 bits)
[29/Aug/2000 16:14:20 02895] [info] Init: Initializing (virtual)
servers for SSL
[29/Aug/2000 16:16:45 02896] [error] SSL proxy connect failed
(proxy.somedomain.com:8080): peer secure.otherdomain.com:443: bad mac
decode
Here's the respective VirtualHost directive:
<VirtualHost _default_:8080>
ProxyPass /payment/ https://secure.otherdomain.com:443/ #error
ProxyPass /apache/ http://www.apache.org/ #works with GET
ProxyPass /apache-ssl/ https://www.apache-ssl.org:443/ #works with GET
SSLLogLevel trace
ErrorLog /opt/apache-1.3.12/logs/sslproxy_error_log
CustomLog /opt/apache-1.3.12/logs/sslproxy_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory proxy:>
order deny,allow
deny from all
allow from 10.1.1.1 127.0.0.1
</Directory>
</VirtualHost>
As there should be no certificates involved the previous posts
concerning the bad mac decode in browsers don't seem to apply here...
Ideas anybody ?
Regards,
--
Lars Steinke
Technical Support Engineer
abaXX
TECHNOLOGY GMBH
[Address] Forststraße 7,
70174 Stuttgart, Germany
[Phone] +49-(711)-61 41 6 - 274
[Facsimile] +49-(711)-61 41 6 - 180
[E-Mail] mailto:[EMAIL PROTECTED]
[Internet] http://www.abaXX.de
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
