"Evan Jennings" <[EMAIL PROTECTED]> writes:
> Looking again at OS/390 for comparison, I did misstate the flow. Below are
> the actual intercepted SSL_read outputs on TPF. The "S_r: " prefix
> indicates each SSL_read:
>
> S_r: POST /cgi-bin/cgi-forms HTTP/1.0
> Referer: https://1.2.3.4/cgiform.html
> Connection: Keep-Alive
> User-Agent: Mozilla/4.77 .en. (Windows NT 5.0; U)
> Host: 1.2.3.4
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
> Accept-Encoding: gzip
> Accept-Language: en,de
> Accept-Charset: iso-8859-1,*,utf-8
>
> The same thing on OS/390 shows me:
>
> S_r: POST /cgi-bin/test-cgi HTTP/1.0
> Referer: https://5.6.7.8:8443/cgiform2.html
> Connection: Keep-Alive
> User-Agent: Mozilla/4.77 [en] (Windows NT 5.0; U)
> Host: 5.6.7.8:8443
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
> Accept-Encoding: gzip
> Accept-Language: en,de
> Accept-Charset: iso-8859-1,*,utf-8
> S_r: Content-type: application/x-www-form-urlencoded
> Content-length: 9
> S_r:
> S_r: entry=123

Note that these are totally different requests. It's a little hard to tell
whether the first request actually contains a CRLF at the end or not.
Can you clarify?

It might be useful if you used ssldump to record the actual traffic being
sent by the client (provide it with the private key so we can see the
plaintext).

-Ekr
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
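
The CRLF question raised in the reply above can be checked mechanically once the raw bytes of each SSL_read are available. The following is an added example, not part of the original thread or of mod_ssl: `analyze_reads` is a hypothetical helper, and the sample chunks are constructed from the quoted traces with abbreviated headers and assumed CRLF line endings.

```python
import re

HEADER_END = b"\r\n\r\n"  # blank line that terminates an HTTP header block

def analyze_reads(chunks):
    """Summarise a request reassembled from successive SSL_read() results.

    chunks: list of bytes objects, one per SSL_read() return, in order.
    """
    data = b"".join(chunks)
    end = data.find(HEADER_END)
    head = data if end == -1 else data[:end]
    m = re.search(rb"(?im)^content-length:[ \t]*(\d+)[ \t]*\r?$", head)
    length = int(m.group(1)) if m else None
    body = b"" if end == -1 else data[end + len(HEADER_END):]
    return {
        "reads": len(chunks),
        "ends_with_crlf": data.endswith(b"\r\n"),
        "headers_complete": end != -1,
        "content_length": length,
        "body_bytes": len(body),
        # None means "cannot tell": no terminated header block or no length.
        "body_missing": None if end == -1 or length is None
                        else max(0, length - len(body)),
    }

# Constructed samples modelled on the two traces quoted above (headers
# abbreviated). CRLF line endings are an assumption: the mail does not show them.
COMMON = (b"Connection: Keep-Alive\r\n"
          b"Accept-Charset: iso-8859-1,*,utf-8\r\n")
TPF_READS = [b"POST /cgi-bin/cgi-forms HTTP/1.0\r\n" + COMMON]
OS390_READS = [
    b"POST /cgi-bin/test-cgi HTTP/1.0\r\n" + COMMON,
    b"Content-type: application/x-www-form-urlencoded\r\nContent-length: 9\r\n",
    b"\r\n",
    b"entry=123",
]

if __name__ == "__main__":
    for name, reads in (("TPF", TPF_READS), ("OS/390", OS390_READS)):
        print(name, analyze_reads(reads))
```

With these samples the single TPF read ends in one CRLF but never reaches the blank line, so the header block is reported as unterminated, while the four OS/390 reads reassemble into a complete request with a 9-byte body.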