Article delegate-en/2905 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] =?iso-8859-1?Q?Re:_[DeleGate-En:2906]_cookie_handling_in_sslway?=
11 Apr 2005 09:04:17 GMT <pk4fqbdyi-hugik5sd25xr.ml@ml.delegate.org>



Hi Yutaka san,

we still have the problem that our client receivs secure cookies,
the mentioned "Removed Secure ..." will not appear in the logfile.

What else can I do?

cheers,
Jon


Hi,

In message
<_A2903@delegate-en.ML_>
 on 04/08/05(19:28:02)

you <pk4fqbdyi-hugik5sd25xr.ml@ml.delegate.org> wrote:
 |I have a problem setting up delegate with sslway.
 |We want to connect via HTTP direct to the proxy and
 |the proxy should manage the certificate and password, and forward my
 |connection to an HTTPS server.
 |I start delegate with the following parameters:
 |
 |/root/delegate8.11.1/src/delegated -vvd CACHE=no \
 |ADMIN="root@localhost" SERVER=http -P8080 \
 |MOUNT="/directory/* https://some_ssl_server/directory/*" \
 |DGROOT="/usr/local/netaccess" LOGDIR="/var/log/delegate" \
 |HTTPCONF=session PROTOLOG=":%s %X" \
 |FSV="/usr/local/netaccess/lib/sslway -cert
 |/usr/local/netaccess/lib/test.pem -pass pass:xxxxx"
 |
 |The problem is how to set up the cookie handling transparent,
 |so that every cookie from the server side reaches the client
 |and vice versa.

It might be the rewriting problem of Domain or Path attribute in a
Cookie which need to be rewritten consistently according to the MOUNT.
But it is more likely that the Cookie from a server includes "Secure"
attribute which must be sent back from client only over HTTPS.  I left
it uncared so it should be modified like the enclosed patch.
If this patch works, you will see "Set-Cookie: ..." followed with
"Removed Secure" in your LOGFILE.

Cheers,
Yutaka
--
  D G   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


*** dist/delegate8.11.2/src/httphead.c		 Tue Mar 15 00:06:19 2005
--- src/httphead.c		 Fri Apr  8 20:36:46 2005
***************
*** 1039,1044 ****
--- 1039,1074 ----
  		 		 rewriteCookie(value,url);
  #endif
  }
+
+ int delParam(PVStr(params),PCStr(name)){
+ 		 refQStr(pp,params);
+ 		 const char *dp;
+ 		 CStr(name1,32);
+ 		 CStr(val1,URLSZ);
+ 		 int ndel = 0;
+
+ 		 pp = params;
+ 		 while( *pp != 0 ){
+ 		 		 dp = wordscanY(pp,AVStr(name1),sizeof(name1),"^=;");
+ 		 		 if( *dp == '=' ){
+ 		 		 		 dp = valuescanX(dp+1,AVStr(val1),sizeof(val1));
+ 		 		 		 if( *dp == '"' )
+ 		 		 		 		 dp++;
+ 		 		 }
+ 		 		 if( *dp == ';' )
+ 		 		 		 dp++;
+ 		 		 if( *dp == ' ' )
+ 		 		 		 dp++;
+ 		 		 if( strcaseeq(name1,name) ){
+ 		 		 		 ovstrcpy((char*)pp,dp);
+ 		 		 		 ndel++;
+ 		 		 }else{
+ 		 		 		 pp = dp;
+ 		 		 }
+ 		 }
+ 		 return ndel;
+ }
+
  void MountCookieResponse(Connection *Conn,PCStr(request),PVStr(value))
  {		 CStr(dom,1024);
  		 CStr(login,1024);
***************
*** 1049,1054 ****
--- 1079,1092 ----

  		 lineScan(value,valb);
  		 sv1log("Set-Cookie: %s\n",valb);
+
+ 		 if( strcaseeq(DST_PROTO,"https") && strcaseeq(CLNT_PROTO,"http") )
+ 		 if( strcasestr(value,"Secure") )
+ 		 {
+ 		 		 if( delParam(AVStr(value),"Secure") ){
+ 		 		 		 sv1log("Removed Secure attribute ... %s\n",value);
+ 		 		 }
+ 		 }

  		 HTTP_originalURLPath(Conn,AVStr(opath));
  		 if( !getsetDomPath(AVStr(value),AVStr(dom),AVStr(opath),0) )

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V