Hi,
With the latest source and the attached patch from Nacho,
isapi_redirect.dll is able to pass the certificate to
Tomcat. However, when I try it out on Win2k and IIS5.0
I get the following exception displayed:
Ajp13: Certificate convertion failed
java.security.cert.CertificateException: Unable to initialize,
java.io.IOException: DerInputStream.getLength(): lengthTag=76, too big.
This comes from the:
X509Certificate cert = (X509Certificate)
cf.generateCertificate(bais);
call now found in o.a.t.util.compat.Jdk12Support.getX509Certificates().
I haven't tried this with Apache and mod_jk. Is that combination
working for others?
Any clues or suggestions how to pursue this problem would
be appreciated.
Cheers,
Larry Isaacs
jk_isapi_plugin.c.diff
Portion of isapi_redirect.log with loglevel = debug
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (419)]: HttpFilterProc started
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (443)]: In HttpFilterProc Virtual Host
redirection of /localhost/examples/jsp/index.html
[Tue Sep 18 22:34:02 2001] [jk_uri_worker_map.c (343)]: Into
jk_uri_worker_map_t::map_uri_to_worker
[Tue Sep 18 22:34:02 2001] [jk_uri_worker_map.c (360)]: Attempting to map URI
'/localhost/examples/jsp/index.html'
[Tue Sep 18 22:34:02 2001] [jk_uri_worker_map.c (445)]:
jk_uri_worker_map_t::map_uri_to_worker, done without a match
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (449)]: In HttpFilterProc test Default
redirection of /examples/jsp/index.html
[Tue Sep 18 22:34:02 2001] [jk_uri_worker_map.c (343)]: Into
jk_uri_worker_map_t::map_uri_to_worker
[Tue Sep 18 22:34:02 2001] [jk_uri_worker_map.c (360)]: Attempting to map URI
'/examples/jsp/index.html'
[Tue Sep 18 22:34:02 2001] [jk_uri_worker_map.c (382)]:
jk_uri_worker_map_t::map_uri_to_worker, Found a context match ajp13 -> /examples/
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (460)]: HttpFilterProc
[/examples/jsp/index.html] is a servlet url - should redirect to ajp13
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (482)]: HttpFilterProc check if
[/examples/jsp/index.html] is points to the web-inf directory
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (538)]: HttpExtensionProc started
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (919)]: SSL vars CERT_ISSUER:C=ZA,
S=Western Cape, L=Cape Town, O=Thawte, OU=Certificate Services, CN=Personal Freemail
RSA 2000.8.30.
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (919)]: SSL vars CERT_SUBJECT:CN=Thawte
Freemail Member, [EMAIL PROTECTED]
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (919)]: SSL vars
CERT_COOKIE:85d7d0cb330497361e1b27bdacff6931.
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (919)]: SSL vars
HTTPS_SERVER_SUBJECT:CN=first, OU=Bip Department, O=SAS Institute, L=Cary, S=North
Carolina, C=US.
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (919)]: SSL vars CERT_FLAGS:1.
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (919)]: SSL vars
HTTPS_SECRETKEYSIZE:512.
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (919)]: SSL vars
CERT_SERIALNUMBER:05-ad-8a.
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (919)]: SSL vars
HTTPS_SERVER_ISSUER:C=ZA, S=FOR TESTING PURPOSES ONLY, O=Thawte Certification, OU=TEST
TEST TEST, CN=Thawte Test CA Root.
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (919)]: SSL vars HTTPS_KEYSIZE:128.
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (951)]: Client Certificate encoding:1
sz:658 flags:1
[Tue Sep 18 22:34:02 2001] [jk_worker.c (123)]: Into wc_get_worker_for_name ajp13
[Tue Sep 18 22:34:02 2001] [jk_worker.c (127)]: wc_get_worker_for_name, done found a
worker
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (560)]: HttpExtensionProc got a worker
for name ajp13
[Tue Sep 18 22:34:02 2001] [jk_ajp13_worker.c (865)]: Into jk_worker_t::get_endpoint
[Tue Sep 18 22:34:02 2001] [jk_ajp13_worker.c (775)]: Into jk_endpoint_t::service
[Tue Sep 18 22:34:02 2001] [jk_ajp13.c (383)]: Into ajp13_marshal_into_msgb
[Tue Sep 18 22:34:02 2001] [jk_ajp13.c (517)]: ajp13_marshal_into_msgb - Done
[Tue Sep 18 22:34:02 2001] [jk_connect.c (108)]: Into jk_open_socket
[Tue Sep 18 22:34:02 2001] [jk_connect.c (115)]: jk_open_socket, try to connect
socket = 1772
[Tue Sep 18 22:34:02 2001] [jk_connect.c (124)]: jk_open_socket, after connect ret = 0
[Tue Sep 18 22:34:02 2001] [jk_connect.c (132)]: jk_open_socket, set TCP_NODELAY to on
[Tue Sep 18 22:34:02 2001] [jk_connect.c (140)]: jk_open_socket, return, sd = 1772
[Tue Sep 18 22:34:02 2001] [jk_ajp13_worker.c (189)]: In
jk_endpoint_t::connect_to_tomcat, connected sd = 1772
[Tue Sep 18 22:34:02 2001] [jk_ajp13_worker.c (206)]: sending to ajp13 #1578
[Tue Sep 18 22:34:02 2001] [jk_ajp13_worker.c (645)]: send_request 2: request body to
send 0 - request body to resend 0
[Tue Sep 18 22:34:02 2001] [jk_ajp13_worker.c (258)]: received from ajp13 #48
[Tue Sep 18 22:34:02 2001] [jk_ajp13.c (564)]: ajp13_unmarshal_response: status = 304
[Tue Sep 18 22:34:02 2001] [jk_ajp13.c (571)]: ajp13_unmarshal_response: Number of
headers is = 2
[Tue Sep 18 22:34:02 2001] [jk_ajp13.c (614)]: ajp13_unmarshal_response: Header[0]
[Content-Type] = [text/html]
[Tue Sep 18 22:34:02 2001] [jk_ajp13.c (614)]: ajp13_unmarshal_response: Header[1]
[Content-Length] = [140]
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (208)]: Into
jk_ws_service_t::start_response
[Tue Sep 18 22:34:02 2001] [jk_ajp13_worker.c (258)]: received from ajp13 #144
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (342)]: Into jk_ws_service_t::write
[Tue Sep 18 22:34:02 2001] [jk_ajp13_worker.c (258)]: received from ajp13 #2
[Tue Sep 18 22:34:02 2001] [jk_isapi_plugin.c (572)]: HttpExtensionProc service()
returned OK
[Tue Sep 18 22:34:02 2001] [jk_ajp13_worker.c (549)]: Into jk_endpoint_t::done
In the Tomcat console window I get 4 of the following:
Ajp13: Certificate convertion failed
java.security.cert.CertificateException: Unable to initialize,
java.io.IOException: DerInputStream.getLength(): lengthTag=76, too big.
