Bug 39658

Summary: mod_proxy_ajp SSL Key Size Bug
Product: Apache httpd-2 Reporter: Chetan Sabnis <chetan.sabnis>
Component: mod_proxyAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED    
Severity: normal CC: tixu
Priority: P2    
Version: 2.2.2   
Target Milestone: ---   
Hardware: All   
OS: All   

Description Chetan Sabnis 2006-05-25 11:36:47 UTC 
mod_proxy_ajp appears to not comply to the AJP 1.3 spec when sending over the
SSL key size as an attribute in the AJP 1.3 Request.  Instead of sending the key
size as a string, it sends it as an integer.  Both the tomcat and mod_proxy_ajp
documentation implies that it is a string:

http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html#rpacetstruct
http://tomcat.apache.org/connectors-doc-archive/jk2/common/AJPv13.html#Request%20Packet%20Structure

This bug ends up manifesting itself in Jetty 5.1.11 (latest stable) when a
connection comes in over SSL to Apache HTTP 2.2.2 and is tunneled to Jetty. 
Unlike Tomcat, their AJP implementation is not resilient against non-compliant
behavior.  It completely rejects the request.  


The 2.2.2 following patch includes my fix.  I have tested this against Tomcat
5.0.24, Tomcat 5.5.9, and Jetty 5.1.11 over SSL.  All work for proxying the
request, but I have not verified that the key size is available and present in
the respective servlet containers.

diff httpd-2.2.2/modules/proxy/ajp_header.c
httpd-2.2.2-css/modules/proxy/ajp_header.c
392c392
<                 || ajp_msg_append_uint16(msg, (unsigned short) atoi(envvar))) {
---
>                 || ajp_msg_append_string(msg, envvar)) {
Comment 1 Ruediger Pluem 2006-05-25 13:08:41 UTC 
You are correct about the documentation of the protocol, but Tomcat, mod_jk and
as noticed mod_proxy_ajp handle this as an integer. So its a bug in the
documentation of the protocol and a bug in Jetty which implements this according
to the buggy documentation. So please open up a bug report at Jetty.
Comment 2 Jeff Trawick 2006-05-25 17:29:48 UTC 
so we should keep this PR open to fix our doc, right?
Comment 3 Ruediger Pluem 2006-05-25 18:30:41 UTC 
Yes of course. Pushed the wrong button :-).
Comment 4 Chetan Sabnis 2006-05-25 19:04:17 UTC 
Thanks for the quick feedback.  For anyone interested in following this on the
Jetty side of things I have submitted a bug and patch for Jetty here.

https://sourceforge.net/tracker/index.php?func=detail&aid=1494939&group_id=7322&atid=107322
Comment 5 Ruediger Pluem 2006-05-25 19:43:01 UTC 
Committed to trunk as r409442 (http://svn.apache.org/viewvc?rev=409430&view=rev).
Comment 6 Christophe JAILLET 2018-08-22 18:54:03 UTC 
Closing now this 12 years old doc fix!
Both 2.2 and 2.4 docs are up to date.