Re: A selection of SSL bugs...

From: <anri@dont-contact.us>
Date: 23 Oct 1998 13:46:07 +0300

On Thu, 22 Oct 1998, Stefan Rompf wrote:

> At 10:38 22.10.98 +0100, Richard Stagg wrote:
>
> >If I try browsing to https://c123456:98765@www.wibble.com, Squid does a
> >CONNECT c123456.ourcomp.co.uk:98 which is clearly duff. ("ourcomp.co.uk" is
> >the local_domain as defined in squid.conf; "98" is the first two digits of
> >the password!) This looks like a parsing problem to me. I don't believe
> >it's a client problem as the erroneous string is made up of bits from the
>

> My Guess: Netscrap misinterprets the URL and tries to connect to c123456,
> Port 98 (telling squid to CONNECT c123456:98 HTTP/1.0). Squid appends the
> local domain and that's what you see in the log file. Unfortunately, I
> don't have access to a proxy right now to verify it.
>
> cu.. Stefan
>

And my guess - you working under firewall, and your gateway (ie squid-gw,
http-gw whatever) doesnt work properly. I've tried the same on Netscape
Communicator 4.5b https://mylogin:12542@site.polynet.lviv.ua
Success. logged via ssl to site as mylogin.

Netscape forever!

___________
Anri
Webmaster at PolyNet
Received on Fri Oct 23 1998 - 05:27:13 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:45 MST