develooper Front page | perl.libwww | Postings from February 2001

Re: Apache::ASP, SSL problems ... must be LWP ...

Thread Next
From:
Demetrios C. Christopher
Date:
February 16, 2001 10:14
Subject:
Re: Apache::ASP, SSL problems ... must be LWP ...
Message ID:
NEBBKCHLILDAOIENGACCEEPBCAAA.dcchristopher@darwinmail.net
Hey guys, thanks for nothing ... this is the second reply
to my own email :(

Anyway, I contacted the site with which we were having problems
and they went through their logs only to discover that the only
difference between LWP https calls that were successful and those
that failed was the return code!!!

When I ran the local web script (that contacted the remote https
web server) under https then the request would come back 403.5.
When I ran it under http then it would come back 200.  It appears,
although LWP knows it's doing a https call and it successfully
connects, the SSL cipher it used was not 128-bit or was corrupted.
Now think, why would the mode of the server on which the process
is running bear an effect on the outcome of the connection miles
away?  I'm guessing there's a conflict of interest ... Stronghold
is tapping the SSL library (I can find out which one if people are
interested in helping, ah-hem) and when LWP is trying to form a
128-bit cipher it's getting some junk or errors.  Go figure.

Ok guys, I did most of the investigation work, anyone out there
who has seen this before?  Is Joshua out sick or something ;)

Thanks,
Demetrios

My original message follows, useful now that I also cross-posted
to libwww.  Please note that my problem described above has
temporarily subsided after installing Apache::ASP 2.09 (from 2.03).
Given though that the problem appeared all of the sudden without
any "cause", I am not so sure this is going to fly either.  Perhaps
resetting the server cleared some junk.


Hello all,
I am running A::A 2.03 on a Solaris 2.6 box with Stronghold 2.4.2, whatever.
The truth is I doubt the rest matters ... I am running a pretty cool web app
where fields are collected, validated and then appropriate action is taken,
one of which is to make an HTTP call (LWP) to a third-party site and
exchange
some info, register, blah-blah-blah.

To the point: when I use http for everything, the session variables work
fine
and everything works perfectly, as it's coded to do.  The moment I try to
take everything under https (since some of the information is personal and
of
financial nature) things work intermittently.  I have it down to a script of
what things you can do and what you cannot.  There is no logic behind having
to enter everything the first time around (the script is self-posting,
self-validating) in order to get the proper outcome.  At some point I
started
to dump the Session variables to see what's in them and found data from
_OTHER_ sessions!  Argh!  No, this has nothing to do with perl's closure
issue ... all functions come from .pm's and there is no problem with
function
calls.

I am at wits end ... I just went through all this in the last couple of days
and just bothered to check for a newer version of Apache::ASP.  I will try
to
upgrade soon to see if that does anything but I was hoping someone might
have seen this problem before where SSL session information did not work
as well as it should.

Did I mention this?: under https, calls to some remote server would
intermit.
fail and give back a 403 - Access Forbidden ... what the heck?  This
function
merely took data from the session and passed it as parameters ... what sort
of influence would which port the server was running on have on the HTTP
req.
being made and/or on the remote server's ability to process the
request?!?!?!

Oh well, hope someone out there can help out.  Thanks in advance.

Demetrios


Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About