[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] PHP/CGI and weird SSL problem
- Subject: RE: [cobalt-users] PHP/CGI and weird SSL problem
- From: "Paul Shuttleworth" <paul@xxxxxxxxxxxxxx>
- Date: Thu Feb 12 14:51:00 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Phil Beynon
> Sent: 12 February 2004 19:58
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-users] PHP/CGI and wierd SSL problem
>
>
> > > > From this we can conclude that the variables exist in page one, pass
> > > > the validation, get posted to the next page and then vanish
> into thin
> > > > air!!!!!
> > >
> > > Do you use $_POST[''] array to get variables values?
> > > What php version do you have?
> > >
> > > Dmitry
> >
> >
> > Yes, for example
> >
> > $fullname = $_POST['fullname'];
> > $address1 = $_POST['address1'];
> > $address2 = $_POST['address2'];
> > $address3 = $_POST['address3'];
> > $address4 = $_POST['address4'];
> >
> > PHP version is
> >
> > PHP Release 4.1.2-3
> >
> >
> >
> > Paul.
> >
>
> Do a phpinfo and check the environment variables such as _ENV["HTTPS"] and
> around that area.
> Have you determined if it is browser specific?
>
> A workaround would be to just drop the variables into a MySQL table and a
> session id cookie onto the user then pick them up again on page
> 2, not ideal
> but a quicker fix.
>
> Phil
Thanks Phil
Just for the archives I think we have solved this problem.
Big thanks to Greg Sloman who pointed me in the right direction.
It seems to be a problem related to IE and timeouts on https connections.
There seem to be two fixes.
1. From the Sun forum >>> (watch the line wrap)
http://cobalt-forum.sun.com/forum/index.php?t=msg&th=6288&rid=&S=e2ca86ab7fb
20c517caf68d356097cca&pl_view=&start=0#msg_106463
<snip>
The solution is simple.
Don't ask me why it works, but it works.
We are doing it this way for 4 years now :-)
In your httpd.conf change
# KeepAliveTimeout: Number of seconds to wait for the next request
#KeepAliveTimeout 15
KeepAliveTimeout 90
So set the time out from 15 to 90
That's all.
<snip>
2. Perl hack to httpd.conf provided by Sun in 2002!!
<snip>
# Hardcoded, issues with mod_perl and cobalt modules.
if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
$ret = ssl_cert_check("/home/sites/$group/certs/");
if ($ret=~/^2/o) {
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
# added for ie ssl bug fix 26-7-02
$PerlConfig .= "SetEnvIf User-Agent \".*MSIE.*\" \\n";
$PerlConfig .= " nokeepalive ssl-unclean-shutdown \\n";
$PerlConfig .= " downgrade-1.0 force-response-1.0 \n";
$PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile
/home/sites/$group/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
$PerlConfig .= join('', @ssl_conf);
} elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
# added for ie ssl bug fix 26-7-02
$PerlConfig .= "SetEnvIf User-Agent \".*MSIE.*\" \\n";
$PerlConfig .= " nokeepalive ssl-unclean-shutdown \\n";
$PerlConfig .= " downgrade-1.0 force-response-1.0 \n";
$PerlConfig .= "SSLengine on\n";
$PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
$PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
$PerlConfig .= join('', @ssl_conf);
} else {
print STDERR "Site $group has invalid certificate: $ret\n";
}
}
}
}
close HTTPD_CONF;
</snip>
We have tried number 1 (so far) and initial testing looks good!!
Thanks again Greg!
Paul.