[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
This bug was fixed in the package apache2 - 2.4.7-1ubuntu4.7 --- apache2 (2.4.7-1ubuntu4.7) trusty; urgency=medium * d/p/wstunnel-ssl.patch: mod_proxy_wstunnel: Fix the use of SSL connections with the "wss:" scheme. PR55320. LP: #1445914 Submitted by: Alex Liu -- Jeffrey HutzelmanThu, 10 Sep 2015 12:50:00 -0400 ** Changed in: apache2 (Ubuntu Trusty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
** Changed in: apache2 (Ubuntu Trusty) Importance: Undecided => Medium ** Tags removed: verification-needed ** Tags added: trusty verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
2.4.7-1ubuntu4.7 fixes my problem. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
Hello gianluca, or anyone else affected, Accepted apache2 into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.7 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: apache2 (Ubuntu Trusty) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
I uploaded the trusty patch to the SRU review queue. Thank you! ** Changed in: apache2 (Ubuntu Trusty) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
So this is fixed in wily which has 2.4.12. ** Changed in: apache2 (Ubuntu) Status: Triaged => Fix Released ** Also affects: apache2 (Ubuntu Trusty) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
Try this one. Note I omitted the Author tag. It's not clear to me that it's intended to name the author of the upstream patch, which in any case is available in the upstream bug, the upstream commit, and the debian/changelog entry. I myself have no authorship stake in this patch. Note that while the upstream commit also patches the CHANGES file, I've omitted that, because the addition is to a section (Changes with Apache 2.5.0) that doesn't exist in 2.4.7. This file doesn't appear to make it into any binary packages in any event. ** Patch added: "wstunnel-ssl-002.debdiff" https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/+attachment/4465275/+files/wstunnel-ssl-002.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
Thanks for the debdiff. The patch looks good, but could you please add proper DEP-3 patch tags, including the Origin tag? For example: Description: xxx Origin: upstream, https://svn.apache.org/viewvc?view=revision=1594625 Author: xxx See the following for more information: http://dep.debian.net/deps/dep3/ Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
The upstream patch (see attached debdiff) corrects the problem for me, for an internal test case that is unfortunately too complex to share. ** Patch added: "debdiff containing the upstream patch" https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/+attachment/4460591/+files/wstunnel-ssl.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
** Description changed: + [Impact] + In Apache 2.4.7 the wstunnel proxy has a bug where a plain-text request is sent to a WSS URL. The bug is described in - https://bz.apache.org/bugzilla/show_bug.cgi?id=55320 and fixed in - 2.4.10. Is it possible to backport this (trivial) fix to 2.4.7 for - Ubuntu 14.04 ? + https://bz.apache.org/bugzilla/show_bug.cgi?id=55320 and fixed in 2.4.10 + with a very short and non-invasive patch. + + [Test Case] + + This is a testcase involving websockify and NoVNC. + + On Host A install a VNC server listening on port 5900. On the same host + also install websockify to make VNC accessible through websocket. Launch + websockify with + + websockify --cert privatecert.pem --ssl-only 6080 localhost:5900 + + where privatecert.pem contains both a certificate and the corresponding + private key. + + On Host B install Apache 2.4 and download NoVNC in the directory /vnc + inside the document root. Enable SSL and the websocket proxy with + + a2enmod proxy proxy_http proxy_wstunnel ssl + + Add the following configuration directives for Apache: + + Location /ws/client +ProxyPass wss://HostA:6080 + /Location + + Now, connecting with a browser at the following URL: + + https://HostB/vnc/vnc.html?host=HostBpath=/ws/client/websockifyconnectTimeout=5disconnectTimeout=5port=443autoconnect=1 + + should launch a remote VNC session on HostB, but it does not work + because the tunnel created by ProxyPass does not really use SSL. + + [Regression Potential] + + If someone had incorrectly configured Apache to use a WSS proxy towards + a server which only supports WS, this would stop working after the bug + is fixed. This can be fixed replacing the WSS schema with WS. OS: Ubuntu 14.04.2 LTS Package: 2.4.7-1ubuntu4.4 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
Thank you for taking the time to report this bug and helping to make Ubuntu better. Please follow the steps documented in https://wiki.ubuntu.com/StableReleaseUpdates#Procedure - in particular the Impact, Test Case and Regression Potential sections, which are best done by someone familiar with both the bug and the fix and without which we cannot update a stable release, in order to help avoid regressions to existing users. ** Changed in: apache2 (Ubuntu) Status: Confirmed = Triaged ** Changed in: apache2 (Ubuntu) Importance: Undecided = Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
Launchpad has imported 9 comments from the remote bug at https://bz.apache.org/bugzilla/show_bug.cgi?id=55320. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2013-07-29T03:08:36+00:00 Alex-leo-ca wrote: When I configure ws_proxy_wstunnel module with wss:// URL the request is actually sent in plaintext which gets rejected by backend server due to SSL handshake failure. Suggested correction, 314a315 int is_ssl = 0; 320a322 is_ssl = 1; 344c346 backend-is_ssl = 0; --- backend-is_ssl = is_ssl; Thanks, Alex Reply at: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/0 On 2013-11-11T22:01:36+00:00 Jason-hoos wrote: Created attachment 31035 Patch for mod_proxy_wstunnel.c I ran into this issue today. To assist others, I'm attaching a patch file with Alex's fix. Reply at: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/1 On 2014-04-13T17:01:33+00:00 Covener-0 wrote: Thanks for the report, equivalent patch seems to be applied in trunk and 2.4.x. Reply at: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/2 On 2014-05-14T14:38:38+00:00 Ylavic-dev wrote: *** Bug 56515 has been marked as a duplicate of this bug. *** Reply at: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/3 On 2014-05-14T14:41:46+00:00 Ylavic-dev wrote: This does not seem to be fixed (Bug 56515), at least I can't find the corresponding code. Eric? Reply at: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/4 On 2014-05-14T15:14:15+00:00 Covener-0 wrote: Looking now, I must have misread Reply at: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/5 On 2014-05-16T22:04:16+00:00 Ylavic-dev wrote: Commited in trunk with r1594625. Proposed for backport in 2.4.x. Reply at: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/6 On 2014-06-06T06:32:14+00:00 Ylavic-dev wrote: Backported in upcoming 2.4.10. Reply at: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/7 On 2014-08-18T07:41:02+00:00 tititou wrote: Fixed and released in 2.4.10 Reply at: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/8 ** Changed in: apache2 Status: Unknown = Fix Released ** Changed in: apache2 Importance: Unknown = High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7
** Bug watch added: bz.apache.org/bugzilla/ #55320 https://bz.apache.org/bugzilla/show_bug.cgi?id=55320 ** Also affects: apache2 via https://bz.apache.org/bugzilla/show_bug.cgi?id=55320 Importance: Unknown Status: Unknown ** Information type changed from Private Security to Public Security ** Changed in: apache2 (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1445914 Title: Secure web socket proxy does not work in Apache 2.4.7 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs