Please upgrade here. These earlier versions are no longer being updated and have security issues.

ProxyConnect and SSL ?

edited March 2011 in Vanilla 2.0 - 2.3
Has anyone gotten proxy connect to work under ssl? In my dev environment (non-ssl) everything worked perfectly. I moved to production where SSL is required and suddenly it no longer works. It takes a long time as in minutes before anything appears, and when it does it did not log in through the proxy connect I get the sign in screen. This is not a wordpress installation it is actually a rails app with vanilla forums embedded. If I disable the proxy connect things work fast, but of course users are not logged in automatically.

Thoughts?

-Dennis
Tagged:

Comments

  • i'm looking at the ProxyRequest() function called by ProxyConnect(), if you don't have curl compiled-in to php then it will use fsockopen() to send a regular http/1.1 request.

    my webserver responds to this with "Bad request".
  • I am currently working with Vanilla 2.0.18b2 with proxyconnect 1.9.7 where the whole site is SSL. I also walked into the 'Bad Request' issue with some strange entries in my Apache access.log like:127.0.0.1 - - [25/Jul/2011:11:18:21 +1000] "\x16\x03\x01" 200 5418.

    It turns out the'\x16\x03\x01' is a SSL negotiation failure. It took me a while to find out the version of cURL was incompatable with the version of OPENSSL. Identified via phpinfo();

    To get around this a section of code needs to be commented out. This is in vanilla/library/core/functions.general.php and the section is within the ProxyRequest function. I commented out the section from 'if (function_exists('curl_init'))' to just prior to 'if (function_exists('fsockopen'))'.

    cURL may be superior to fsock but sometimes you don't have a choice. This is just a quick hack. I'm sure somebody else can do better.
  • I found that you have to specify the port number in the authenticate URL. Otherwise ProxyRequest in Vanilla tries to set the port to 80, which doesn't work.

    So use

    http://hostname.com:443/proxyconnect.php

    Bad bug in Vanilla, IMO, it should look for https in the URL, if it's there set the port to 443, instead of 80.

  • ToddTodd Chief Product Officer Vanilla Staff

    We always accept pull requests.

    Tim
Sign In or Register to comment.