HTTPS using TLS/SSL client not working

StackOverflow https://stackoverflow.com/questions/22464322

  •  16-06-2023
  •  | 
  •  

Pergunta

According to RFC 2818, Section 2: http://www.ietf.org/rfc/rfc2818.txt

"Conceptually, HTTP/TLS is very simple. Simply use HTTP over TLS precisely as you would use HTTP over TCP."

I have an application that connects to a web server on port 443 with a TLS/SSL client. After connecting, the TLS client sends an HTTP header and associated HTTP payload (all contained as application payload for the TLS/SSL client).

POST https://www.somehost.com/pubs/m_login HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Host: www.somehost.com
User-Agent: NativeHost
Content-Length: 50

username=user%40example.com&password=password

I receive a 200 response from the server, indicating it got my request. However, the HTTP response body contains the actual server application response and this indicates a failure.

HTTP/1.1 200 OK
Date: Tue, 18 Mar 2014 02:47:43 GMT
Server: Apache/2.2.24 (FreeBSD) mod_fastcgi/2.4.6 mod_ssl/2.2.24 OpenSSL/0.9.8e DAV/2 mod_perl/2.0.8 Perl/v5.12.5
Cache-Control: no-cache, max-age=0
Pragma: no-cache0
Content-Length: 118
Set-Cookie: bcdb_session=cd12abe27a5c55e3a076763329cc0cd31e246751; path=/; expires=Tue, 01-Apr-2014 02:47:43 GMT; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml; charset=UTF-8

<?xml version="1.0" encoding="UTF-8"?>
<appname>
<error>not_logged_in</error>
<status>error</status>
</appname>

When I use a client capable of HTTPS and send the send request headers and body, I get a successful response (Both a http 200 response and the response body indicates success).

HTTP/1.1 200 OK
Date: Tue, 18 Mar 2014 03:04:22 GMT
Server: Apache/2.2.24 (FreeBSD) mod_fastcgi/2.4.6 mod_ssl/2.2.24 OpenSSL/0.9.8e DAV/2 mod_perl/2.0.8 Perl/v5.12.5
Cache-Control: no-cache, max-age=0
Pragma: no-cache0
Content-Length: 84
Set-Cookie: bcdb_session=9c0e22a54d7fc28dbd19b748c287d1b25166d78c; path=/; expires=Tue, 01-Apr-2014 03:04:22 GMT; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml; charset=UTF-8

<?xml version="1.0" encoding="UTF-8"?>
<appname>
<status>ok</status>
</appname>

I have tried to capture the network data for the two scenarios and compare them. I can capture the HTTPS client as it supports an HTTP-proxy (and I use Fiddler). The SSL/TLS client cannot use an HTTP proxy solution, but it supports a SOCKS proxy.

Two questions:

1) Any idea why there may be a different result using an HTTPS client vs. a TLS/SSL client?

2) Can someone recommend a SOCKS proxy to use that will provide similar access to the request/response data as Fiddler does?

Thanks, Mike

Foi útil?

Solução

Are you sure the request is the same in both cases? Eg. the first line is not correct for valid HTTP request. If you connect directly, the request line should be POST /pubs/m_login HTTP/1.0 and NOT POST https://www.somehost.com/pubs/m_login HTTP/1.0.

Unfortunately SOCKS server won't help you dump the request, because TLS connection is secured against this. SOCKS server offers an opaque tunnel.

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top