Hi Yutaka San, it seems that the patch was compiled into the delegate, but i still get no connection. I still get an cookie with the secure flag set on the client side. 04/13 14:08:38.58 [3460] 2+1/1: HTTP => (some_ssl_server.de:443) GET /directory/index.jsp HTTP/1.1^M 04/13 14:08:38.58 [3460] 2+1/1: KeepAlive[8] = 1 04/13 14:08:38.58 [3460] 2+1/1: #CEsv THRU Accept-Encoding:gzip, deflate 04/13 14:08:38.58 [3462] 2+1/1: -- Fork(FSV): 3460 -> 3462 04/13 14:08:38.58 [3462] 2+1/1: #### execFilter[FSV] /usr/local/netaccess/lib/sslway -cert /usr/local/netaccess/lib/test.pem -pass pass:XXXXX 04/13 14:08:38.58 [3462] 2+1/1: FSV arg[0] /bin/sh 04/13 14:08:38.59 [3462] 2+1/1: FSV arg[1] -c 04/13 14:08:38.59 [3462] 2+1/1: FSV arg[2] /usr/local/netaccess/lib/sslway -cert /usr/local/netaccess/lib/test.pem -pass pass:XXXXX 04/13 14:08:38.58 [3460] 2+1/1: HTTP relayed request 375head ## SSLway[3462](PC1) server's cert. = **subject<<***>> ..... 04/13 14:08:38.98 [3460] 2+1/1: #CEcl disable chunk for Content-Encoding 04/13 14:08:38.98 [3460] 2+1/1: connDelay: 0.04sec, firstResp: 0.40sec 04/13 14:08:38.98 [3460] 2+1/1: URL BASE = 5/14 [directory/index.jsp] 04/13 14:08:38.98 [3460] 2+1/1: LINGER: [27] 30 8{1,30} 04/13 14:08:38.98 [3460] 2+1/1: #CEcl DO-response-buffering for Content-Encoding 04/13 14:08:38.98 [3460] 2+1/1: getTmpFile: fd=-1 [-1]->[3460]HTTP-respBuff 04/13 14:08:38.98 [3460] 2+1/1: TMPFILE(HTTP-respBuff) = (20) /usr/local/netaccess/tmp/dg3460.3.1113394118 04/13 14:08:38.98 [3460] 2+1/1: >>>TMPFILE(HTTP-respBuff)>>>8217748[20] 04/13 14:08:38.98 [3460] 2+1/1: Set-Cookie: #### >>>>>>> DST_PROTO[https]/ CLNT_PROTO[http] >>>>>>> HTTPS / HTTP 04/13 14:08:38.98 [3460] 2+1/1: MOUNT DIRMATCH patn[directory/] url[directory] 4 04/13 14:08:38.98 [3460] 2+1/1: ** /directory/ UNMOUNTED FROM https://some_ssl_server.de/directory/ ** 04/13 14:08:38.98 [3460] 2+1/1: rewriten-Cookie> #### 04/13 14:08:38.98 [3460] 2+1/1: #HT11 SERVER ver[HTTP/1.1] conn[] 04/13 14:08:38.98 [3460] 2+1/1: #HT11 server KEEP-ALIVE 04/13 14:08:38.98 [3460] 2+1/1: HTTP/1.1 200 Content-{Type:text/html Encoding:[/] Leng:319} Server:Microsoft-IIS/5.0 04/13 14:08:38.99 [3460] 2+1/1: #HT11 --Length=319 = 0 + 319 04/13 14:08:38.99 [3460] 2+1/1: ** /directory/ UNMOUNTED FROM https://some_ssl_server.de/directory/ ** 04/13 14:08:38.99 [3460] 2+1/1: #HT11 --Length=319 = 319 + 0 04/13 14:08:38.99 [3460] 2+1/1: Content-Length: 319 -> 319 (699 - 380) 04/13 14:08:38.99 [3460] 2+1/1: HTTP RESPONSE FLUSH: DO (HCKA=1) 04/13 14:08:38.99 [3460] 2+1/1: TCP_NODELAY[27] 0 -> 1 04/13 14:08:38.99 [3460] 2+1/1: TCP_NODELAY[27] 1 -> 0 04/13 14:08:38.99 [3460] 2+1/1: HTTP transmitted: 225head+319/319body=>0txt+0bin->319/319, 7i/2o/0f/0.0 04/13 14:08:38.99 [3460] 2+1/1: #### Path=/directory; Secure][Cache-Control:] 04/13 14:08:38.99 [3460] 2+1/1: No Last-Modified: 04/13 14:08:38.99 [3460] 2+1/1: relay_response()=-10005, cache=0, httpStat=W DontTruncate=0 04/13 14:08:38.99 [3460] 2+1/1: #HT11 EOF from the server 04/13 14:08:38.99 [3460] 2+1/1: #HT11 close svsokcs[18,19] 04/13 14:08:39.00 [3460] 2+1/2: HCKA:[2] KeepAlive: GET W =>1 04/13 14:08:39.00 [3460] 2+1/2: CFI process [3462] done 04/13 14:08:39.00 [3460] 2+1/2: TCP_NODELAY[27] 0 -> 1 04/13 14:08:39.00 [3460] 2+1/2: TCP_NODELAY[27] 1 -> 0 04/13 14:08:39.01 [3460] 2+1/2: #CEcl prepare ContEncoding:gzip, deflate 04/13 14:08:39.01 [3460] 2+1/2: Accept-Language: de 04/13 14:08:39.01 [3460] 2+1/2: HTTP Relay_request_head (496 bytes/9 lines) 04/13 14:08:39.01 [3460] 2+1/2: Proxy: host=PC1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0); DIRECT 04/13 14:08:39.01 [3460] 2+1/2: HTTP Relay_request done (496 bytes/9 lines) 04/13 14:08:39.01 [3460] 2+1/2: Host: 10.10.10.2:8080 04/13 14:08:39.01 [3460] 2+1/2: REQUEST - GET /directory/jsp/Login.jsp HTTP/1.1^M 04/13 14:08:39.01 [3460] 2+1/2: ImMaster? 0 <http://-:80> <http://10.10.10.2:8080/> 04/13 14:08:39.01 [3460] 2+1/2: *** /directory/ MOUNTED TO[4] https://some_ssl_server.de/directory/ *** 04/13 14:08:39.01 [3460] 2+1/2: *** /directory/jsp/Login.jsp => https://some_ssl_server.de/directory/jsp/Login.jsp *** 04/13 14:08:39.01 [3460] 2+1/2: REQUEST +M https://some_ssl_server.de/directory/jsp/Login.jsp HTTP/1.1^M 04/13 14:08:39.01 [3460] 2+1/2: To another server or proxy, THRU >>> https://some_ssl_server.de/directory/jsp/Login.jsp HTTP/1.1^M 04/13 14:08:39.01 [3460] 2+1/2: REMOTE > GET /directory/jsp/Login.jsp HTTP/1.1^M 04/13 14:08:39.01 [3460] 2+1/2: [4] URL Matched but not for MovedTo[20000]:/directory/jsp/Login.jsp 04/13 14:08:39.01 [3460] 2+1/2: [4] URL Matched but not for MovedTo[40000]:/directory/jsp/Login.jsp 04/13 14:08:39.01 [3460] 2+1/2: *** /directory/ MOUNTED TO[4] https://some_ssl_server.de/directory/ *** 04/13 14:08:39.01 [3460] 2+1/2: *** /directory/jsp/Login.jsp => https://some_ssl_server.de/directory/jsp/Login.jsp *** 04/13 14:08:39.01 [3460] 2+1/2: PATH> https://some_ssl_server.de:443!local_proxy:8080!PC1:2572!anonymous@PC1;1113394118 04/13 14:08:39.01 [3460] 2+1/2: REQUEST = [https://some_ssl_server.de:443/] GET /directory/jsp/Login.jsp HTTP/1.1^M 04/13 14:08:39.02 [3460] 2+1/2: PERMITTED: https://some_ssl_server.de 04/13 14:08:39.02 [3460] 2+1/2: Cookie: #### 04/13 14:08:39.02 [3460] 2+1/2: XHost: (0,0,1) some_ssl_server.de <= 10.10.10.2:8080 04/13 14:08:39.02 [3460] 2+1/2: PERMITTED: https://some_ssl_server.de 04/13 14:08:39.02 [3460] 2+1/2: ConnectToServer connect https://some_ssl_server.de:443 04/13 14:08:39.05 [3460] 2+1/2: ConnectToServer connected [8] {193.22.162.79:443 <- 10.10.10.2:1027} [0.034s] 04/13 14:08:39.05 [3460] 2+1/2: KeepAlive[8] = 1 04/13 14:08:39.05 [3460] 2+1/2: PATH_TRANSLATED= 04/13 14:08:39.06 [3463] 2+1/2: -- Fork(FSV): 3460 -> 3463 04/13 14:08:39.06 [3460] 2+1/2: HTTP => (some_ssl_server.de:443) GET /directory/jsp/Login.jsp HTTP/1.1^M 04/13 14:08:39.06 [3460] 2+1/2: KeepAlive[8] = 1 04/13 14:08:39.06 [3460] 2+1/2: *** /directory/ MOUNTED TO[4] https://some_ssl_server.de/directory/ *** 04/13 14:08:39.06 [3460] 2+1/2: *** /directory/index.jsp => https://some_ssl_server.de/directory/index.jsp *** 04/13 14:08:39.06 [3460] 2+1/2: MOUNTED: https://some_ssl_server.de/directory/index.jsp 04/13 14:08:39.06 [3460] 2+1/2: rewritten Referer: https://some_ssl_server.de/directory/index.jsp 04/13 14:08:39.06 [3460] 2+1/2: #CEsv THRU Accept-Encoding:gzip, deflate 04/13 14:08:39.06 [3460] 2+1/2: HTTP relayed request 428head 04/13 14:08:39.06 [3463] 2+1/2: #### execFilter[FSV] /usr/local/netaccess/lib/sslway -cert /usr/local/netaccess/lib/test.pem -pass pass:XXXXX 04/13 14:08:39.06 [3463] 2+1/2: FSV arg[0] /bin/sh 04/13 14:08:39.06 [3463] 2+1/2: FSV arg[1] -c 04/13 14:08:39.07 [3463] 2+1/2: FSV arg[2] /usr/local/netaccess/lib/sslway -cert /usr/local/netaccess/lib/test.pem -pass pass:XXXXX 04/13 14:08:39.12 [3458] 1+1/2: CFI process remaining (1/1) 050413-140837.3457.1+1.0 PC1 - - [13/Apr/2005:14:08:37 +0100] "GET http://some_ssl_server.de:443/directory HTTP/1.1" 302 541 "" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 050413-140837.3457.1+1.1 PC1 - - [13/Apr/2005:14:08:38 +0100] "GET https://some_ssl_server.de/directory/ HTTP/1.1" 500 0 "" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 04/13 14:08:39.12 [3458] 1+1: StickyServer done [nonStickyProtocol(http:https:https)] 2 req / 1 conn / 2 sec 04/13 14:08:39.12 [3457] 2+0: AcceptByMain: got Sticky REPORT 1/1 04/13 14:08:39.12 [3457] 2+0: (1) process [3458] dead ## SSLway[3463](PC1) server's cert. = **subject<<***>> .... 04/13 14:08:39.46 [3460] 2+1/2: #CEcl disable chunk for Content-Encoding 04/13 14:08:39.46 [3460] 2+1/2: connDelay: 0.04sec, firstResp: 0.40sec 04/13 14:08:39.46 [3460] 2+1/2: URL BASE = 9/18 [directory/jsp/Login.jsp] 04/13 14:08:39.46 [3460] 2+1/2: LINGER: [27] 30 8{1,30} 04/13 14:08:39.46 [3460] 2+1/2: #CEcl DO-response-buffering for Content-Encoding 04/13 14:08:39.46 [3460] 2+1/2: getTmpFile: fd=21 [3460]HTTP-respBuff->[3460]HTTP-respBuff 04/13 14:08:39.46 [3460] 2+1/2: Set-Cookie: #### >>>>>>> DST_PROTO[https]/ CLNT_PROTO[http] >>>>>>> HTTPS / HTTP 04/13 14:08:39.46 [3460] 2+1/2: MOUNT DIRMATCH patn[directory/] url[directory] 4 04/13 14:08:39.46 [3460] 2+1/2: ** /directory/ UNMOUNTED FROM https://some_ssl_server.de/directory/ ** 04/13 14:08:39.46 [3460] 2+1/2: rewriten-Cookie> #### 04/13 14:08:39.46 [3460] 2+1/2: #HT11 SERVER ver[HTTP/1.1] conn[] 04/13 14:08:39.46 [3460] 2+1/2: #HT11 server KEEP-ALIVE 04/13 14:08:39.47 [3460] 2+1/2: HTTP/1.1 200 Content-{Type:text/html Encoding:[/] Leng:1756} Server:Microsoft-IIS/5.0 04/13 14:08:39.47 [3460] 2+1/2: #HT11 --Length=1756 = 0 + 1756 04/13 14:08:39.47 [3460] 2+1/2: ** /directory/ UNMOUNTED FROM https://some_ssl_server.de/directory/ ** 04/13 14:08:39.47 [3460] 2+1/2: ** /directory/ UNMOUNTED FROM https://some_ssl_server.de/directory/ ** 04/13 14:08:39.47 [3460] 2+1/2: #HT11 --Length=1756 = 1077 + 679 04/13 14:08:39.47 [3460] 2+1/2: #HT11 --Length=1756 = 1756 + 0 04/13 14:08:39.47 [3460] 2+1/2: Content-Length: 1756 -> 1762 (2143 - 381) 04/13 14:08:39.48 [3460] 2+1/2: HTTP RESPONSE FLUSH: DO (HCKA=1) 04/13 14:08:39.48 [3460] 2+1/2: TCP_NODELAY[27] 0 -> 1 04/13 14:08:39.48 [3460] 2+1/2: TCP_NODELAY[27] 1 -> 0 04/13 14:08:39.48 [3460] 2+1/2: HTTP transmitted: 226head+1756/1756body=>0txt+0bin->1762/1762, 8i/2o/0f/0.0 04/13 14:08:39.48 [3460] 2+1/2: #### Path=/directory; Secure][Cache-Control:] 04/13 14:08:39.48 [3460] 2+1/2: No Last-Modified: 04/13 14:08:39.48 [3460] 2+1/2: relay_response()=-10005, cache=0, httpStat=W DontTruncate=0 04/13 14:08:39.48 [3460] 2+1/2: #HT11 EOF from the server 04/13 14:08:39.48 [3460] 2+1/2: #HT11 close svsokcs[20,22] 04/13 14:08:39.48 [3460] 2+1/3: HCKA:[3] KeepAlive: GET W =>1 04/13 14:08:39.48 [3460] 2+1/3: CFI process [3463] done 04/13 14:08:39.48 [3460] 2+1/3: TCP_NODELAY[27] 0 -> 1 04/13 14:08:39.48 [3460] 2+1/3: TCP_NODELAY[27] 1 -> 0 Cheers, Jon Yutaka Sato <pficabdyi-mxhgu46ie73w.ml@delegate.org> schrieb am 13.04.2005, 04:39:58: > Hi, > > In message on 04/11/05(20:24:06) > you wrote: > |here is a part of the logfile, witch may clarify the problem we have > ... > |04/11 13:09:42.64 [26961] 1+1/2/1: Set-Cookie: > |JSESSIONID=xxxx; Path=/directory; Secure > |04/11 13:09:42.64 [26961] 1+1/2/1: ** / UNMOUNTED FROM https://some_ssl_server/ ** > |04/11 13:09:42.64 [26961] 1+1/2/1: rewriten-Cookie> > |JSESSIONID=xxxx; Path=/directory; Secure > > As I thought in the former message, the Cookie from the server includes > Path and Secure attributes. But your DeleGate seems not to be modified > with my former patch. It is obvious that the message "rewriten-Cookie>" > is put in the rewriteCookie() called from MountCookieResponse(), > but there is no message which should be put by the line in the function: > > + fprintf(stderr,">>>>>>> HTTPS / HTTP\n"); > > So I have a doubt if the patch has been applied to your DeleGate. The > patch enclosed this time has one more line: > > + fprintf(stderr,">>>>>>> DST_PROTO[%s]/ CLNT_PROTO[%s]\n",DST_PROTO,CLNT_PROTO); > > With this patch, we can confirm if or not the patch is applied, and if > it is applied, we can see why the inserted code is not activated. > > Cheers, > Yutaka > -- > D G Yutaka Sato http://delegate.org/y.sato/ > ( - ) National Institute of Advanced Industrial Science and Technology > _< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan > Do the more with the less -- B. Fuller > > > *** dist/delegate8.11.2/src/httphead.c Tue Mar 15 00:06:19 2005 > --- src/httphead.c Wed Apr 13 11:24:00 2005 > *************** > *** 1024,1069 **** > --- 1024,1111 ---- > const char *dp; > CStr(opath,1024); > CStr(url,URLSZ); > CStr(valb,256); > > lineScan(value,valb); > sv1log("Cookie: %s\n",valb); > > #ifdef RWCOOKIEREQ > HTTP_originalURLPath(Conn,opath); > if( !getsetDomPath(value,domain,opath,0) ) > return; > > strcpy(url,opath); > if( CTX_mount_url_to(Conn,Conn->cl_myhp,REQ_METHOD,url) ) > rewriteCookie(value,url); > #endif > } > + > + int delParam(PVStr(params),PCStr(name)){ > + refQStr(pp,params); > + const char *dp; > + CStr(name1,32); > + CStr(val1,URLSZ); > + int ndel = 0; > + > + pp = params; > + while( *pp != 0 ){ > + dp = wordscanY(pp,AVStr(name1),sizeof(name1),"^=;"); > + if( *dp == '=' ){ > + dp = valuescanX(dp+1,AVStr(val1),sizeof(val1)); > + if( *dp == '"' ) > + dp++; > + } > + if( *dp == ';' ) > + dp++; > + if( *dp == ' ' ) > + dp++; > + if( strcaseeq(name1,name) ){ > + ovstrcpy((char*)pp,dp); > + ndel++; > + }else{ > + pp = dp; > + } > + } > + return ndel; > + } > + > void MountCookieResponse(Connection *Conn,PCStr(request),PVStr(value)) > { CStr(dom,1024); > CStr(login,1024); > CStr(myhp,1024); > CStr(opath,1024); > CStr(url,URLSZ); > CStr(valb,256); > > lineScan(value,valb); > sv1log("Set-Cookie: %s\n",valb); > + > + fprintf(stderr,">>>>>>> DST_PROTO[%s]/ CLNT_PROTO[%s]\n",DST_PROTO,CLNT_PROTO); > + if( strcaseeq(DST_PROTO,"https") && strcaseeq(CLNT_PROTO,"http") ) > + { > + fprintf(stderr,">>>>>>> HTTPS / HTTP\n"); > + if( strcasestr(value,"Secure") ) > + { > + if( delParam(AVStr(value),"Secure") ){ > + sv1log("Removed Secure attribute ... %s\n",value); > + } > + } > + } > > HTTP_originalURLPath(Conn,AVStr(opath)); > if( !getsetDomPath(AVStr(value),AVStr(dom),AVStr(opath),0) ) > return; > > HTTP_ClientIF_HP(Conn,AVStr(myhp)); > HostPort(AVStr(login),DST_PROTO,DST_HOST,DST_PORT); > if( opath[0] == '/' ) > ovstrcpy(opath,opath+1); > > if( DO_DELEGATE ){ > sprintf(url,"%s://%s/-_-%s://%s/%s", > CLNT_PROTO,myhp,DST_PROTO,login,opath); > rewriteCookie(AVStr(value),url); > }else > if( CTX_mount_url_fromL(Conn,AVStr(url),DST_PROTO,login,opath,NULL,CLNT_PROTO,myhp) ) > rewriteCookie(AVStr(value),url); > }
V