Thorsten,
On 4/17/25 1:54 AM, Thorsten Heit wrote:
Hi Chris,
That definitely sounds odd. Do you have anything on the network
between the client (browser) and the server (Tomcat)? Specifically,
anything like a load-balancer, proxy, or similar?
I just want to remove other possible causes before diving into Tomcat
(but from your description, Tomcat does seem to be the suspicious
component, here).
No, there's nothing in between me and Tomcat. It's reproducible also by
directly using curl on the command line:
"curl -v --insecure --noproxy '*' https://.../" gives me the following
on 10.1.39 (private data replaced for security):
Note: Using embedded CA bundle (233263 bytes)
Note: Using embedded CA bundle, for proxies (233263 bytes)
% Total % Received % Xferd Average Speed Time Time Time
Current
Dload Upload Total Spent Left
Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:--
--:--:-- 0* Host myhost.example.com:8448 was resolved.
* IPv6: 2a02:5a0:f019:1:4448:4350:a9b4:9022
* IPv4: 10.192.141.7
* Trying [2a02:5a0:f019:1:4448:4350:a9b4:9022]:8448...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [317 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Unknown (8):
{ [41 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [5210 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
* subject: ...
* start date: May 6 10:01:48 2024 GMT
* expire date: Dec 26 10:01:48 2048 GMT
* issuer: ...
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* Certificate level 0: Public key type ? (4096/128 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type ? (4096/128 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type ? (4096/128 Bits/secBits), signed using sha512WithRSAEncryption
* Connected to myhost.example.com (2a02:5a0:f019:1:4448:4350:a9b4:9022) port 8448
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://myhost.example.com:8448/my/servlet/app?version=!!1.22.32-4-g8a3c060!!
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: myhost.example.com:8448]
* [HTTP/2] [1] [:path: /my/servlet/app?version=!!1.22.32-4-g8a3c060!!]
* [HTTP/2] [1] [user-agent: curl/8.12.1]
* [HTTP/2] [1] [accept: */*]
> GET /my/servlet/app?version=!!1.22.32-4-g8a3c060!! HTTP/2
> Host: myhost.example.com:8448
> User-Agent: curl/8.12.1
> Accept: */*
>
* Request completely sent off
0 0 0 0 0 0 0 0 --:--:-- --:--:--
--:--:-- 0< HTTP/2 200
< cache-control: max-age=0
< expires: Wed, 16 Apr 2025 16:22:16 GMT
< content-type: text/html;charset=UTF-8
< content-length: 7999
< date: Wed, 16 Apr 2025 16:22:16 GMT
<
{ [7999 bytes data]
100 7999 100 7999 0 0 31126 0 --:--:-- --:--:-- --:--:--
31246
* Connection #0 to host myhost.example.com left intact
With 10.1.40 using exactly the same command the result is the same apart
from the content-type:
(...)
* Request completely sent off
0 0 0 0 0 0 0 0 --:--:-- --:--:--
--:--:-- 0< HTTP/2 200
< cache-control: max-age=0
< expires: Wed, 16 Apr 2025 16:19:48 GMT
< content-type: content/unknown;charset=UTF-8
< content-length: 7999
< date: Wed, 16 Apr 2025 16:19:48 GMT
<
{ [7999 bytes data]
100 7999 100 7999 0 0 32015 0 --:--:-- --:--:-- --:--:--
32124
This is what's puzzling me...
BTW, I'm using a system-wide Tomcat installation under /usr/local/share
and a user installation with its own ./conf directory; basically the
same as what Ubuntu is offering via the packages "tomcat10-common" and
"tomcat10-user".
This way I can switch the Tomcat version to be used by simply changing
the CATALINA_HOME variable in the startup script. But I guess this
shouldn't matter...
Tomcat is never going to figure out what MIME type should be used for a
request like "/my/servlet/app?version=!!1.22.32-4-g8a3c060!!"
So I think Mark is probably right (well, he's right like 99.999% of the
time, so...) about this being related to
https://bz.apache.org/bugzilla/show_bug.cgi?id=69623 but I suspect your
servlet is not explicitly setting a content-type.
I would be expecting Tomcat to set a default content-type of text/html
if the servlet does not explicitly set the type. If that's not
happening, it's a spec violation and we will fix it one way or another.
A quick way to fix this would be to edit the servlet or JSP that
generates this response and explicitly set the content-type response
header to "text/html". You could do this with a Filter as well if that's
more convenient, which is likely the case because it would cover all
servlets and not just the one you happen to be testing at the moment.
-chris
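
Added example (not part of the original message and not Tomcat project code): a sketch of the Filter approach suggested above, for Tomcat 10.1 and the jakarta.servlet API. The class name is hypothetical, and the URL pattern is an assumption taken from the request path in the curl output.

```java
import java.io.IOException;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

// Hypothetical class name. The URL pattern is an assumption based on the
// path /my/servlet/app seen in the curl output; adjust it to the application.
@WebFilter(urlPatterns = "/my/servlet/*")
public class DefaultContentTypeFilter extends HttpFilter {

    private static final long serialVersionUID = 1L;

    @Override
    protected void doFilter(HttpServletRequest request,
                            HttpServletResponse response,
                            FilterChain chain)
            throws IOException, ServletException {
        // Set the default before the servlet or JSP runs, while the response
        // is still uncommitted. Nothing is changed if an earlier filter has
        // already chosen a type.
        if (response.getContentType() == null) {
            response.setContentType("text/html");
        }

        // A servlet further down the chain that calls setContentType()
        // itself replaces this default, so explicit types are preserved.
        chain.doFilter(request, response);
    }
}
```

Keeping the pattern narrower than "/*" avoids labelling non-HTML resources as text/html when nothing downstream sets a type for them.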