Re: A selection of SSL bugs...

From: <rstagg@dont-contact.us>
Date: Fri, 23 Oct 1998 11:53:13 +0100

Stefan (et al.)

I've been researching all this, and the story seems to be:

* Netscape, up to 4.07, cannot handle SSL requests with
username:password@host in the URL. It does exactly as you suggest, and
sends Squid a totally duff CONNECT request.

* IE3 and upwards, and Netscape 4.07 and 4.5 can perform the SSL request
without any problems.

Something for the FAQ, maybe?

Thanks to everyone who's applied their brains to this.

Richard Stagg

squid-users@ircache.net
23/10/98 11:38

To: squid-users@ircache.net
cc: (bcc: Richard Stagg/TMU/CSC)
Subject: Re: A selection of SSL bugs...

At 10:38 22.10.98 +0100, Richard Stagg wrote:
>If I try browsing to https://c123456:98765@www.wibble.com, Squid does a
>CONNECT c123456.ourcomp.co.uk:98 which is clearly duff. ("ourcomp.co.uk"
is
>the local_domain as defined in squid.conf; "98" is the first two digits of
>the password!) This looks like a parsing problem to me. I don't believe
>it's a client problem as the erroneous string is made up of bits from the
My Guess: Netscrap misinterprets the URL and tries to connect to c123456,
Port 98 (telling squid to CONNECT c123456:98 HTTP/1.0). Squid appends the
local domain and that's what you see in the log file. Unfortunately, I
don't have access to a proxy right now to verify it.
cu.. Stefan
 +--------------------------------------------------------------+
 | Customer: I'm using Windows '95. Hotline: Ok, got that one. |
 | Customer: It's not working. Hotline: You already said that. |
 +--------------------------------------------------------------+
Received on Fri Oct 23 1998 - 05:12:50 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:45 MST