0006443: mod_resin does not pass HTTPS correctly

Viewing Issue Simple Details [ Jump to Notes ]

[ View Advanced ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0006443

[Resin]

major

always

09-28-21 01:43

11-16-21 11:25

Reporter

adrianimboden

View Status

public

Assigned To

nam

Priority

normal

Resolution

duplicate

Status

closed

Product Version

4.0.63

Summary

0006443: mod_resin does not pass HTTPS correctly

Description

Since 4.0.63, apache2/mod_caucho.c contains the following logic:
```
  if (! strcmp(ap_http_scheme(r), "HTTPS")) {
    cse_write_string(s, CSE_IS_SECURE, "");
  }
```

on our apache server, `ap_http_scheme(r)` returns "https", not the expected "HTTPS", so the CSE_IS_SECURE does not get passed correctly.

Changing the code to this seems to be correct (case insensitive comparison):
```
  if (apr_strnatcmp(ap_http_scheme(r), "https") == 0) {
    cse_write_string(s, CSE_IS_SECURE, "");z
  }
```

Additional Information

Attached Files

Relationships

duplicate of

0006396

closed

nam

secure apache requests are marked as insecure by mod_caucho

Notes
(0007000) adrianimboden 09-28-21 01:53	Sorry, I meant this: ``` if (apr_strnatcasecmp(ap_http_scheme(r), "https") == 0) { cse_write_string(s, CSE_IS_SECURE, ""); } ```

Issue History
Date Modified	Username	Field	Change
09-28-21 01:43	adrianimboden	New Issue
09-28-21 01:49	adrianimboden	Issue Monitored: adrianimboden
09-28-21 01:53	adrianimboden	Note Added: 0007000
11-08-21 11:33	nam	Relationship added	duplicate of 0006396
11-08-21 11:33	nam	Duplicate ID	0 => 6396
11-08-21 11:33	nam	Status	new => resolved
11-08-21 11:33	nam	Fixed in Version	=> 4.0.66
11-08-21 11:33	nam	Resolution	open => duplicate
11-08-21 11:33	nam	Assigned To	=> nam
11-16-21 11:25	nam	Status	resolved => closed

Mantis 1.0.0rc3[^]

34 total queries executed.
28 unique queries executed.