Bug 39658 - mod_proxy_ajp SSL Key Size Bug
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy
Version: 2.2.2
Hardware: All All
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2006-05-25 11:36 UTC by Chetan Sabnis
Modified: 2018-08-22 18:54 UTC
Description Chetan Sabnis 2006-05-25 11:36:47 UTC
mod_proxy_ajp appears to not comply with the AJP 1.3 spec when sending over the
SSL key size as an attribute in the AJP 1.3 Request.  Instead of sending the key
size as a string, it sends it as an integer.  Both the Tomcat and mod_proxy_ajp
documentation imply that it is a string:

http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html#rpacetstruct
http://tomcat.apache.org/connectors-doc-archive/jk2/common/AJPv13.html#Request%20Packet%20Structure

This bug ends up manifesting itself in Jetty 5.1.11 (latest stable) when a
connection comes in over SSL to Apache HTTP 2.2.2 and is tunneled to Jetty. 
Unlike Tomcat, their AJP implementation is not resilient against non-compliant
behavior.  It completely rejects the request.  


The following 2.2.2 patch includes my fix.  I have tested this against Tomcat
5.0.24, Tomcat 5.5.9, and Jetty 5.1.11 over SSL.  All work for proxying the
request, but I have not verified that the key size is available and present in
the respective servlet containers.

diff httpd-2.2.2/modules/proxy/ajp_header.c
httpd-2.2.2-css/modules/proxy/ajp_header.c
392c392
<                 || ajp_msg_append_uint16(msg, (unsigned short) atoi(envvar))) {
---
>                 || ajp_msg_append_string(msg, envvar)) {
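Review bot: at line 392 the switch to ajp_msg_append_string(msg, envvar) changes the on-wire type of the key-size attribute for every AJP backend, not only Jetty, and the description says the value was not verified inside the servlet containers. Before applying, confirm what each receiver reads at that position (a length-prefixed string or a two-byte integer) and add a comment at the call naming the agreed type. Separately, the removed line's atoi(envvar) with a cast to unsigned short turns a non-numeric or out-of-range value into a wrong number without any error, which deserves a check if the integer form stays.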
Comment 1 Ruediger Pluem 2006-05-25 13:08:41 UTC
You are correct about the documentation of the protocol, but Tomcat, mod_jk and
as noticed mod_proxy_ajp handle this as an integer. So it's a bug in the
documentation of the protocol and a bug in Jetty which implements this according
to the buggy documentation. So please open up a bug report at Jetty.
Comment 2 Jeff Trawick 2006-05-25 17:29:48 UTC
So we should keep this PR open to fix our doc, right?
Comment 3 Ruediger Pluem 2006-05-25 18:30:41 UTC
Yes of course. Pushed the wrong button :-).
Comment 4 Chetan Sabnis 2006-05-25 19:04:17 UTC
Thanks for the quick feedback.  For anyone interested in following this on the
Jetty side of things I have submitted a bug and patch for Jetty here.

https://sourceforge.net/tracker/index.php?func=detail&aid=1494939&group_id=7322&atid=107322
Comment 5 Ruediger Pluem 2006-05-25 19:43:01 UTC
Committed to trunk as r409442 (http://svn.apache.org/viewvc?rev=409430&view=rev).
Comment 6 Christophe JAILLET 2018-08-22 18:54:03 UTC
Closing this 12-year-old doc fix now!
Both 2.2 and 2.4 docs are up to date.
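
The encoding mismatch discussed in this report, as an added example that is not code from httpd, Tomcat or Jetty: the same key size written as a two-byte integer and as an AJP string, and what a receiver expecting the other form does with it. The function names, the strict parsers and the sample value "256" are constructed for illustration; 0x0B and 0xFF are the AJP 1.3 codes for ssl_key_size and the request terminator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ATTR_SSL_KEY_SIZE 0x0B  /* AJP 1.3 attribute code for ssl_key_size */
#define ATTR_ARE_DONE     0xFF  /* request terminator */

/* Integer form: code, big-endian uint16 value, terminator. */
static size_t enc_int(uint8_t *b, const char *envvar) {
    unsigned v = (unsigned short)atoi(envvar);
    b[0] = ATTR_SSL_KEY_SIZE; b[1] = v >> 8; b[2] = v & 0xFF;
    b[3] = ATTR_ARE_DONE;
    return 4;
}

/* String form: code, uint16 length, bytes, NUL, terminator.
   Caller must supply a buffer of at least strlen(envvar) + 5 bytes. */
static size_t enc_str(uint8_t *b, const char *envvar) {
    size_t n = strlen(envvar);
    b[0] = ATTR_SSL_KEY_SIZE; b[1] = n >> 8; b[2] = n & 0xFF;
    memcpy(b + 3, envvar, n);
    b[3 + n] = 0; b[4 + n] = ATTR_ARE_DONE;
    return n + 5;
}

/* Receiver expecting the integer form; -1 means "reject the request".
   Fed the string form, it finds '2' where the terminator should be. */
static int parse_as_int(const uint8_t *b, size_t len) {
    if (len < 4 || b[0] != ATTR_SSL_KEY_SIZE || b[3] != ATTR_ARE_DONE) return -1;
    return (b[1] << 8) | b[2];
}

/* Receiver expecting the string form; -1 means "reject the request".
   Fed the integer form, it reads 0x0100 as a length that overruns the data. */
static int parse_as_str(const uint8_t *b, size_t len) {
    if (len < 3 || b[0] != ATTR_SSL_KEY_SIZE) return -1;
    size_t n = ((size_t)b[1] << 8) | b[2];
    if (n + 5 != len || b[3 + n] != 0 || b[4 + n] != ATTR_ARE_DONE) return -1;
    return atoi((const char *)b + 3);
}

int main(void) {
    uint8_t i[16], s[16];  /* constructed sample: a 256-bit key size */
    size_t il = enc_int(i, "256"), sl = enc_str(s, "256");
    printf("int form: int parser %d, str parser %d\n", parse_as_int(i, il), parse_as_str(i, il));
    printf("str form: int parser %d, str parser %d\n", parse_as_int(s, sl), parse_as_str(s, sl));
    return 0;
}
```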