** Description changed:

+ [Impact]
+ 
  In Apache 2.4.7 the wstunnel proxy has a bug where a plain-text request
  is sent to a WSS URL. The bug is described in
- https://bz.apache.org/bugzilla/show_bug.cgi?id=55320 and fixed in
- 2.4.10.  Is it possible to backport this (trivial) fix to 2.4.7 for
- Ubuntu 14.04 ?
+ https://bz.apache.org/bugzilla/show_bug.cgi?id=55320 and fixed in 2.4.10
+ with a very short and non-invasive patch.
+ 
+ [Test Case]
+ 
+ This is a testcase involving websockify and NoVNC.
+ 
+ On Host A install a VNC server listening on port 5900. On the same host
+ also install websockify to make VNC accessible through websocket. Launch
+ websockify with
+ 
+ websockify --cert privatecert.pem --ssl-only 6080 localhost:5900
+ 
+ where privatecert.pem contains both a certificate and the corresponding
+ private key.
+ 
+ On Host B install Apache 2.4 and download NoVNC in the directory /vnc
+ inside the document root. Enable SSL and the websocket proxy with
+ 
+ a2enmod proxy proxy_http proxy_wstunnel ssl
+ 
+ Add the following configuration directives for Apache:
+ 
+ <Location /ws/client>
+    ProxyPass wss://HostA:6080
+ </Location>
+ 
+ Now, connecting with a browser at the following URL:
+ 
+ 
https://HostB/vnc/vnc.html?host=HostB&path=/ws/client/websockify&connectTimeout=5&disconnectTimeout=5&port=443&autoconnect=1
+ 
+ should launch a remote VNC session on HostB, but it does not work
+ because the tunnel created by ProxyPass does not really use SSL.
+ 
+ [Regression Potential]
+ 
+ If someone had incorrectly configured Apache to use a WSS proxy towards
+ a server which only supports WS, this would stop working after the bug
+ is fixed. This can be fixed replacing the WSS schema with WS.
  
  OS: Ubuntu 14.04.2 LTS
  Package:  2.4.7-1ubuntu4.4
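Review bot: the last sentence of [Test Case] says the URL "should launch a remote VNC session on HostB", but the steps above it put the VNC server and websockify on Host A and only Apache and NoVNC on Host B. Suggest wording it as a session to Host A reached through the proxy on HostB. The test case would also be easier to verify if it stated the expected result on a fixed package (the connection succeeds against a websockify started with --ssl-only), since the stated cause is that the tunnel created by ProxyPass "does not really use SSL". In [Regression Potential], "WSS schema" should read "WSS scheme".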

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1445914

Title:
  Secure web socket proxy does not work in Apache 2.4.7
