Mantis Bugtracker
  

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0006443 [Resin] major always 09-28-21 01:43 09-28-21 01:53
Reporter adrianimboden View Status public  
Assigned To
Priority normal Resolution open  
Status new   Product Version 4.0.63
Summary 0006443: mod_resin does not pass HTTPS correctly
Description Since 4.0.63, apache2/mod_caucho.c contains the following logic:
```
  if (! strcmp(ap_http_scheme(r), "HTTPS")) {
    cse_write_string(s, CSE_IS_SECURE, "");
  }
```

on our apache server, `ap_http_scheme(r)` returns "https", not the expected "HTTPS", so the CSE_IS_SECURE does not get passed correctly.

Changing the code to this seems to be correct (case insensitive comparison):
```
  if (apr_strnatcmp(ap_http_scheme(r), "https") == 0) {
    cse_write_string(s, CSE_IS_SECURE, "");z
  }
```
Additional Information
Attached Files

- Relationships

- Notes
(0007000)
adrianimboden
09-28-21 01:53

Sorry, I meant this:
```
  if (apr_strnatcasecmp(ap_http_scheme(r), "https") == 0) {
    cse_write_string(s, CSE_IS_SECURE, "");
  }
```
 

- Issue History
Date Modified Username Field Change
09-28-21 01:43 adrianimboden New Issue
09-28-21 01:49 adrianimboden Issue Monitored: adrianimboden
09-28-21 01:53 adrianimboden Note Added: 0007000


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
29 total queries executed.
25 unique queries executed.
Powered by Mantis Bugtracker