Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

ProxyConnect and SSL ?

edited March 2011 in Vanilla 2.0 - 2.8
Has anyone gotten proxy connect to work under ssl? In my dev environment (non-ssl) everything worked perfectly. I moved to production where SSL is required and suddenly it no longer works. It takes a long time as in minutes before anything appears, and when it does it did not log in through the proxy connect I get the sign in screen. This is not a wordpress installation it is actually a rails app with vanilla forums embedded. If I disable the proxy connect things work fast, but of course users are not logged in automatically.

Thoughts?

-Dennis
Tagged:

Comments

  • i'm looking at the ProxyRequest() function called by ProxyConnect(), if you don't have curl compiled-in to php then it will use fsockopen() to send a regular http/1.1 request.

    my webserver responds to this with "Bad request".
  • I am currently working with Vanilla 2.0.18b2 with proxyconnect 1.9.7 where the whole site is SSL. I also walked into the 'Bad Request' issue with some strange entries in my Apache access.log like:127.0.0.1 - - [25/Jul/2011:11:18:21 +1000] "\x16\x03\x01" 200 5418.

    It turns out the'\x16\x03\x01' is a SSL negotiation failure. It took me a while to find out the version of cURL was incompatable with the version of OPENSSL. Identified via phpinfo();

    To get around this a section of code needs to be commented out. This is in vanilla/library/core/functions.general.php and the section is within the ProxyRequest function. I commented out the section from 'if (function_exists('curl_init'))' to just prior to 'if (function_exists('fsockopen'))'.

    cURL may be superior to fsock but sometimes you don't have a choice. This is just a quick hack. I'm sure somebody else can do better.
  • I found that you have to specify the port number in the authenticate URL. Otherwise ProxyRequest in Vanilla tries to set the port to 80, which doesn't work.

    So use

    http://hostname.com:443/proxyconnect.php

    Bad bug in Vanilla, IMO, it should look for https in the URL, if it's there set the port to 443, instead of 80.

  • ToddTodd Chief Product Officer Vanilla Staff

    We always accept pull requests.

    Tim
Sign In or Register to comment.