0006443: mod_resin does not pass HTTPS correctly

Viewing Issue Advanced Details [ Jump to Notes ]

[ View Simple ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0006443

[Resin]

major

always

09-28-21 01:43

11-16-21 11:25

Reporter

adrianimboden

View Status

public

Assigned To

nam

Priority

normal

Resolution

duplicate

Platform

Status

closed

Projection

none

OS Version

ETA

none

Fixed in Version

4.0.66

Product Version

4.0.63

Product Build

Summary

0006443: mod_resin does not pass HTTPS correctly

Description

Since 4.0.63, apache2/mod_caucho.c contains the following logic:
```
  if (! strcmp(ap_http_scheme(r), "HTTPS")) {
    cse_write_string(s, CSE_IS_SECURE, "");
  }
```

on our apache server, `ap_http_scheme(r)` returns "https", not the expected "HTTPS", so the CSE_IS_SECURE does not get passed correctly.

Changing the code to this seems to be correct (case insensitive comparison):
```
  if (apr_strnatcmp(ap_http_scheme(r), "https") == 0) {
    cse_write_string(s, CSE_IS_SECURE, "");z
  }
```

Steps To Reproduce

Additional Information

Attached Files

Relationships

duplicate of

0006396

closed

nam

secure apache requests are marked as insecure by mod_caucho

Notes
(0007000) adrianimboden 09-28-21 01:53	Sorry, I meant this: ``` if (apr_strnatcasecmp(ap_http_scheme(r), "https") == 0) { cse_write_string(s, CSE_IS_SECURE, ""); } ```

Issue History
Date Modified	Username	Field	Change
09-28-21 01:43	adrianimboden	New Issue
09-28-21 01:49	adrianimboden	Issue Monitored: adrianimboden
09-28-21 01:53	adrianimboden	Note Added: 0007000
11-08-21 11:33	nam	Relationship added	duplicate of 0006396
11-08-21 11:33	nam	Duplicate ID	0 => 6396
11-08-21 11:33	nam	Status	new => resolved
11-08-21 11:33	nam	Fixed in Version	=> 4.0.66
11-08-21 11:33	nam	Resolution	open => duplicate
11-08-21 11:33	nam	Assigned To	=> nam
11-16-21 11:25	nam	Status	resolved => closed

Mantis 1.0.0rc3[^]

34 total queries executed.
28 unique queries executed.