[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[Launchpad Bug Tracker]

This bug was fixed in the package apache2 - 2.4.7-1ubuntu4.7

---
apache2 (2.4.7-1ubuntu4.7) trusty; urgency=medium

  * d/p/wstunnel-ssl.patch: mod_proxy_wstunnel: Fix the use of SSL
connections with the "wss:" scheme.  PR55320.  LP: #1445914
Submitted by: Alex Liu 

 -- Jeffrey Hutzelman   Thu, 10 Sep 2015
12:50:00 -0400

** Changed in: apache2 (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[Mathew Hodson]

** Changed in: apache2 (Ubuntu Trusty)
   Importance: Undecided => Medium

** Tags removed: verification-needed
** Tags added: trusty verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[Jeffrey Hutzelman]

2.4.7-1ubuntu4.7 fixes my problem.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[Chris J Arges]

Hello gianluca, or anyone else affected,

Accepted apache2 into trusty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.7 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: apache2 (Ubuntu Trusty)
   Status: In Progress => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[Martin Pitt]

I uploaded the trusty patch to the SRU review queue. Thank you!

** Changed in: apache2 (Ubuntu Trusty)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[Martin Pitt]

So this is fixed in wily which has 2.4.12.

** Changed in: apache2 (Ubuntu)
   Status: Triaged => Fix Released

** Also affects: apache2 (Ubuntu Trusty)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[Jeffrey Hutzelman]

Try this one.  Note I omitted the Author tag.  It's not clear to me that
it's intended to name the author of the upstream patch, which in any
case is available in the upstream bug, the upstream commit, and the
debian/changelog entry.  I myself have no authorship stake in this
patch.

Note that while the upstream commit also patches the CHANGES file, I've
omitted that, because the addition is to a section (Changes with Apache
2.5.0) that doesn't exist in 2.4.7.  This file doesn't appear to make it
into any binary packages in any event.

** Patch added: "wstunnel-ssl-002.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/+attachment/4465275/+files/wstunnel-ssl-002.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[Marc Deslauriers]

Thanks for the debdiff. The patch looks good, but could you please add
proper DEP-3 patch tags, including the Origin tag?

For example:

Description: xxx
Origin: upstream, https://svn.apache.org/viewvc?view=revision=1594625
Author: xxx

See the following for more information:

http://dep.debian.net/deps/dep3/

Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[Jeffrey Hutzelman]

The upstream patch (see attached debdiff) corrects the problem for me,
for an internal test case that is unfortunately too complex to share.

** Patch added: "debdiff containing the upstream patch"
   
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/+attachment/4460591/+files/wstunnel-ssl.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[gianluca]

** Description changed:

+ [Impact]
+ 
  In Apache 2.4.7 the wstunnel proxy has a bug where a plain-text request
  is sent to a WSS URL. The bug is described in
- https://bz.apache.org/bugzilla/show_bug.cgi?id=55320 and fixed in
- 2.4.10.  Is it possible to backport this (trivial) fix to 2.4.7 for
- Ubuntu 14.04 ?
+ https://bz.apache.org/bugzilla/show_bug.cgi?id=55320 and fixed in 2.4.10
+ with a very short and non-invasive patch.
+ 
+ [Test Case]
+ 
+ This is a testcase involving websockify and NoVNC.
+ 
+ On Host A install a VNC server listening on port 5900. On the same host
+ also install websockify to make VNC accessible through websocket. Launch
+ websockify with
+ 
+ websockify --cert privatecert.pem --ssl-only 6080 localhost:5900
+ 
+ where privatecert.pem contains both a certificate and the corresponding
+ private key.
+ 
+ On Host B install Apache 2.4 and download NoVNC in the directory /vnc
+ inside the document root. Enable SSL and the websocket proxy with
+ 
+ a2enmod proxy proxy_http proxy_wstunnel ssl
+ 
+ Add the following configuration directives for Apache:
+ 
+ Location /ws/client
+ProxyPass wss://HostA:6080
+ /Location
+ 
+ Now, connecting with a browser at the following URL:
+ 
+ 
https://HostB/vnc/vnc.html?host=HostBpath=/ws/client/websockifyconnectTimeout=5disconnectTimeout=5port=443autoconnect=1
+ 
+ should launch a remote VNC session on HostB, but it does not work
+ because the tunnel created by ProxyPass does not really use SSL.
+ 
+ [Regression Potential]
+ 
+ If someone had incorrectly configured Apache to use a WSS proxy towards
+ a server which only supports WS, this would stop working after the bug
+ is fixed. This can be fixed replacing the WSS schema with WS.
  
  OS: Ubuntu 14.04.2 LTS
  Package:  2.4.7-1ubuntu4.4

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[Robie Basak]

Thank you for taking the time to report this bug and helping to make
Ubuntu better.

Please follow the steps documented in
https://wiki.ubuntu.com/StableReleaseUpdates#Procedure - in particular
the Impact, Test Case and Regression Potential sections, which are best
done by someone familiar with both the bug and the fix and without which
we cannot update a stable release, in order to help avoid regressions to
existing users.

** Changed in: apache2 (Ubuntu)
   Status: Confirmed = Triaged

** Changed in: apache2 (Ubuntu)
   Importance: Undecided = Medium

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[Bug Watch Updater]

Launchpad has imported 9 comments from the remote bug at
https://bz.apache.org/bugzilla/show_bug.cgi?id=55320.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2013-07-29T03:08:36+00:00 Alex-leo-ca wrote:

When I configure ws_proxy_wstunnel module with wss:// URL the request is
actually sent in plaintext which gets rejected by backend server due to
SSL handshake failure.

Suggested correction,
314a315
 int is_ssl = 0;
320a322
 is_ssl = 1;
344c346
 backend-is_ssl = 0;
---
 backend-is_ssl = is_ssl;

Thanks,

Alex

Reply at:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/0


On 2013-11-11T22:01:36+00:00 Jason-hoos wrote:

Created attachment 31035
Patch for mod_proxy_wstunnel.c

I ran into this issue today.  To assist others, I'm attaching a patch
file with Alex's fix.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/1


On 2014-04-13T17:01:33+00:00 Covener-0 wrote:

Thanks for the report, equivalent patch seems to be applied in trunk and
2.4.x.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/2


On 2014-05-14T14:38:38+00:00 Ylavic-dev wrote:

*** Bug 56515 has been marked as a duplicate of this bug. ***

Reply at:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/3


On 2014-05-14T14:41:46+00:00 Ylavic-dev wrote:

This does not seem to be fixed (Bug 56515), at least I can't find the
corresponding code. Eric?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/4


On 2014-05-14T15:14:15+00:00 Covener-0 wrote:

Looking now, I must have misread

Reply at:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/5


On 2014-05-16T22:04:16+00:00 Ylavic-dev wrote:

Commited in trunk with r1594625.
Proposed for backport in 2.4.x.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/6


On 2014-06-06T06:32:14+00:00 Ylavic-dev wrote:

Backported in upcoming 2.4.10.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/7


On 2014-08-18T07:41:02+00:00 tititou wrote:

Fixed and released in 2.4.10

Reply at:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1445914/comments/8


** Changed in: apache2
   Status: Unknown = Fix Released

** Changed in: apache2
   Importance: Unknown = High

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1445914] Re: Secure web socket proxy does not work in Apache 2.4.7

[Marc Deslauriers]

** Bug watch added: bz.apache.org/bugzilla/ #55320
   https://bz.apache.org/bugzilla/show_bug.cgi?id=55320

** Also affects: apache2 via
   https://bz.apache.org/bugzilla/show_bug.cgi?id=55320
   Importance: Unknown
   Status: Unknown

** Information type changed from Private Security to Public Security

** Changed in: apache2 (Ubuntu)
   Status: New = Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1445914/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs