Article delegate-en/2904 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A2903@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: =?iso-8859-1?Q?cookie_handling_in_sslway?=
08 Apr 2005 11:43:48 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A2903@delegate-en.ML_> on 04/08/05(19:28:02)
you <pk4fqbdyi-f4q452xtwj3r.ml@ml.delegate.org> wrote:
 |I have a problem setting up delegate with sslway.
 |We want to connect via HTTP direct to the proxy and
 |the proxy should manage the certificate and password, and forward my
 |connection to an HTTPS server.
 |I start delegate with the following parameters:
 |
 |/root/delegate8.11.1/src/delegated -vvd CACHE=no \
 |ADMIN="root@localhost" SERVER=http -P8080 \
 |MOUNT="/directory/* https://some_ssl_server/directory/*" \
 |DGROOT="/usr/local/netaccess" LOGDIR="/var/log/delegate" \
 |HTTPCONF=session PROTOLOG=":%s %X" \
 |FSV="/usr/local/netaccess/lib/sslway -cert
 |/usr/local/netaccess/lib/test.pem -pass pass:xxxxx"
 |
 |The problem is how to set up the cookie handling transparent,
 |so that every cookie from the server side reaches the client
 |and vice versa.

It might be the rewriting problem of Domain or Path attribute in a
Cookie which need to be rewritten consistently according to the MOUNT.
But it is more likely that the Cookie from a server includes "Secure"
attribute which must be sent back from client only over HTTPS.  I left
it uncared so it should be modified like the enclosed patch.
If this patch works, you will see "Set-Cookie: ..." followed with
"Removed Secure" in your LOGFILE.

Cheers,
Yutaka
--
  D G   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


*** dist/delegate8.11.2/src/httphead.c	Tue Mar 15 00:06:19 2005
--- src/httphead.c	Fri Apr  8 20:36:46 2005
***************
*** 1039,1044 ****
--- 1039,1074 ----
  		rewriteCookie(value,url);
  #endif
  }
+ 
+ int delParam(PVStr(params),PCStr(name)){
+ 	refQStr(pp,params);
+ 	const char *dp;
+ 	CStr(name1,32);
+ 	CStr(val1,URLSZ);
+ 	int ndel = 0;
+ 
+ 	pp = params;
+ 	while( *pp != 0 ){
+ 		dp = wordscanY(pp,AVStr(name1),sizeof(name1),"^=;");
+ 		if( *dp == '=' ){
+ 			dp = valuescanX(dp+1,AVStr(val1),sizeof(val1));
+ 			if( *dp == '"' )
+ 				dp++;
+ 		}
+ 		if( *dp == ';' )
+ 			dp++;
+ 		if( *dp == ' ' )
+ 			dp++;
+ 		if( strcaseeq(name1,name) ){
+ 			ovstrcpy((char*)pp,dp);
+ 			ndel++;
+ 		}else{
+ 			pp = dp;
+ 		}
+ 	}
+ 	return ndel;
+ }
+ 
  void MountCookieResponse(Connection *Conn,PCStr(request),PVStr(value))
  {	CStr(dom,1024);
  	CStr(login,1024);
***************
*** 1049,1054 ****
--- 1079,1092 ----
  
  	lineScan(value,valb);
  	sv1log("Set-Cookie: %s\n",valb);
+ 
+ 	if( strcaseeq(DST_PROTO,"https") && strcaseeq(CLNT_PROTO,"http") )
+ 	if( strcasestr(value,"Secure") )
+ 	{
+ 		if( delParam(AVStr(value),"Secure") ){
+ 			sv1log("Removed Secure attribute ... %s\n",value);
+ 		}
+ 	}
  
  	HTTP_originalURLPath(Conn,AVStr(opath));
  	if( !getsetDomPath(AVStr(value),AVStr(dom),AVStr(opath),0) )

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V