Hi I have tried this approach custom JkEnvVar are pass correctly, what I
don't know how to do is how to set an already JkEnvVar to a new JkEnvVar
(what you mention about "force)) I have tried with %{SSL_SESSION_ID} and $
but no luck (Don't know if it is because originally it was null or not).Alex. El dt., 7 jul. 2015 a les 23:05, André Warnier (<a...@ice-sa.com>) va escriure: > Alex Soto wrote: > > yes it is set at httpd-ssl.config > > > https://github.com/lordofthejars/apache-tomee-ssl/blob/master/httpd-ssl.conf#L229 > > which I think that is where it should be set. > > Everything too strange, but thanks anyway. > > Then, and until Rainer himself jumps in, let me ask you if it would be > possible to make > one more test. As far as I understand, this is not the way it /should/ > work, but it may be > a way to find out what doesn't work, inasmuch as there is really a problem > : > > Somewhere in that same page, there is a way by which you can "force" a > value to be passed > on to Tomcat as a request attribute (via JkEnvVar "name" "default-value"). > Can you try to pass the SSL session-id in that way, and obtain it in > Tomcat via > request.getAttribute("name"), instead of the standard request.ssl_session ? > And check if /then/, you get it all the time ? > > Again, this is probably not the way in which this should work. But Tomcat > is open-source > and free software, and its development and debugging benefit from the help > of any > benevolent user, particularly if that user is interested in solving a > particular problem > that he is having. > > > > > El dt., 7 jul. 2015 a les 19:17, André Warnier (<a...@ice-sa.com>) va > > escriure: > > > >> Alex Soto wrote: > >>> Thank you so much but it is already set. > >>> > >> > https://github.com/lordofthejars/apache-tomee-ssl/blob/master/httpd.conf#L171 > >>> This is so strange. > >> But there is also this phrase : "In order to make SSL data available for > >> mod_jk in Apache, > >> you need to set SSLOptions +StdEnvVars." > >> > >> Honestly, I have never tried this, and I am not an SSL specialist at > all, > >> and the phrase > >> above is a bit ambiguous. But it seems worth a try, and I do not see it > >> in your > >> configuration. > >> > >>> El dt., 7 jul. 2015 a les 12:25, André Warnier (<a...@ice-sa.com>) va > >>> escriure: > >>> > >>>> Mark Thomas wrote: > >>>>> On 07/07/2015 09:28, Alex Soto wrote: > >>>>>> Hi Mark, SSL Session ID is not passed to Tomcat. You can see the > logs > >>>> here > >>>>>> https://gist.github.com/lordofthejars/226d8ed605f2a58b52f3 (I have > >>>> created > >>>>>> a gist to not add here a lot of lines). > >>>>>> > >>>>>> Now the question is is it happens because of mod_jk or because of > >>>> Apache? > >>>>>> Alex. > >>>>> OK. You've reached the limits of my conform zone. You need someone > more > >>>>> familiar with the httpd side of things at this point. Rainer? > >>>>> > >>>>> Mark > >>>> Not Rainer, but maybe this helps : > >>>> http://tomcat.apache.org/connectors-doc/reference/apache.html > >>>> Look for "JkExtractSSL". > >>>> > >>>> > >>>>>> El dl., 6 jul. 2015 a les 12:48, Mark Thomas (<ma...@apache.org>) > va > >>>>>> escriure: > >>>>>> > >>>>>>> On 06/07/2015 10:48, Alex Soto wrote: > >>>>>>>> Hello I have seen a strange behaviour in Apache HTTPD (2.4) and > >> TomEE > >>>>>>> (in > >>>>>>>> fact it is a Tomcat (7.0.61) so it is exactly the same for Tomcat) > >>>> when I > >>>>>>>> configure Apache server with SSL and mod_jk. > >>>>>>>> In fact I am not sure where it is the problem if in mod_jk, in > >> Apache > >>>>>>>> Server or in Tomcat, but I suspect that maybe the problem is on > >> mod_jk > >>>>>>>> configuration. > >>>>>>>> > >>>>>>>> I am configuring the typical Apache as frontend and TomEE(Tomcat) > as > >>>>>>>> backend solution. Currently Apache is configured with SSL and with > >>>> mod_jk > >>>>>>>> it connects to TomEE using AJP. This works perfectly. The problem > is > >>>> that > >>>>>>>> inside my code I need to get the ssl session id: > >>>>>>>> > >>>>>>>> String ssl = > >>>>>>>> > >> > (String)servletRequest.getAttribute("javax.servlet.request.ssl_session_id"); > >>>>>>>> I don't know why but sometimes this attribute is null and > sometimes > >>>> not. > >>>>>>> It > >>>>>>>> may return a null at first then stay like 10 requests working and > >> then > >>>>>>> stop > >>>>>>>> working again during some requests and the get attribute returns > >> null. > >>>>>>>> It seems that everything is configured correctly since sometimes > >>>> works. > >>>>>>>> Have you ever found something similar or knows what it can be > >>>> happening? > >>>>>>> Do > >>>>>>>> you think that maybe the problem is on client (browser) side? > >>>>>>>> > >>>>>>>> Everything is dockerized here: > >>>>>>>> https://github.com/lordofthejars/apache-tomee-ssl so you can > review > >>>>>>>> configuration files of tomcat and apache or even run it. > >>>>>>>> > >>>>>>>> Thank you so much for your support. > >>>>>>> Try turning on debug logging for mod_jk. It will generate lots of > >> data > >>>>>>> so just do it long enough to see the problem. When you look at the > >> logs > >>>>>>> you should be able to see if the SSL Session ID is being passed to > >>>>>>> Tomcat or not. > >>>>>>> > >>>>>>> Mark > >>>>>>> > >>>>>>> > >>>>>>> > --------------------------------------------------------------------- > >>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>>>>> > >>>>>>> > >>>>> --------------------------------------------------------------------- > >>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>>> > >>>>> > >>>> --------------------------------------------------------------------- > >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>> > >>>> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
