[Mongrel] Mongrel HTTP Header Problem

Michael Parkin michaelparkin at gmail.com
Thu Oct 12 06:18:37 EDT 2006


Hi Zed,

Thanks for the reply. I'm new to Ruby, Mongrel, Rails, etc. So please
bear with me...

On 10/12/06, Zed A. Shaw <zedshaw at zedshaw.com> wrote:

> You have some need to send the client's certificate in a bizarre header?  Ok, before I go about answer your question you should probably explain what it is you're trying to do with this.  There might be a simpler way.

Actually, no - I don't have any use for this header that Pound sends
Mongrel. But, AFAIK there's no way to remove it from the headers Pound
sends (ok, I could go in an hack Pound's source, but I want to have
standard code on my boxes...)

> If you work up a test case that demonstrates it (preferably a patch to the mongrel tests) then I can fix it up.

ok, as I've said I'm new to Ruby and I'm using developing this
application as a way to learn. This may take some time!

> One thing you didn't do is give me information from the mongrel.log.  There should have been BAD CLIENT information in there.

There's nothing in mongrel.log apart from the standard startup blurb. I.e:

** Daemonized, any open files are closed.  Look at log/mongrel.pid and
log/mongrel.log for info.
** Starting Mongrel listening at 127.0.0.1:3000
...
** Writing PID file to log/mongrel.pid

> You also didn't turn on USR1 logging so that Mongrel dumps the whole request that caused BAD CLIENT errors.  If you do send in a test case then include this information too.

Thanks for the USR1 tip: when I turn on USR1 I get the output at the
bottom of the email. Is it the \r\n\t's in the "X-SSL-certificate"
header that's the problem here?

Thanks again,

Michael.

** USR1 received, toggling $mongrel_debug_client to true
Thu Oct 12 11:04:48 +0100 2006: BAD CLIENT (127.0.0.1): Invalid HTTP
format, parsing fails.
Thu Oct 12 11:04:48 +0100 2006: REQUEST DATA: "GET /
HTTP/1.1\r\nUser-Agent: curl/7.13.1 (powerpc-apple-darwin8.0)
libcurl/7.13.1 OpenSSL/0.9.7i zlib/1.2.3\r\nHost:
127.0.0.1:3001\r\nPragma: no-cache\r\nAccept:
*/*\r\nX-Forwarded-Proto: https\r\nX-SSL-Subject:         C = xx, O =
xx, OU = xx, L = xx, CN = michael parkin\r\nX-SSL-Issuer:         C =
UK, O = eScience, OU = Authority, CN = CA, emailAddress =
ca-operator at grid-support.ac.uk\r\nX-SSL-notBefore: Jun 19 12:10:30
2006 GMT\r\nX-SSL-notAfter: Jun 19 12:10:30 2007 GMT\r\nX-SSL-serial:
8061\r\nX-SSL-certificate: -----BEGIN
CERTIFICATE-----\r\n\tMIIFbTCCBFWgAwIBAgICH4cwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UEBhMCVUsx\r\n\tETAPBgNVBAoTCGVTY2llbmNlMRIwEAYDVQQLEwlBdXRob3JpdHkxCzAJBgNVBAMT\r\n\tAkNBMS0wKwYJKoZIhvcNAQkBFh5jYS1vcGVyYXRvckBncmlkLXN1cHBvcnQuYWMu\r\n\tdWswHhcNMDYwNzI3MTQxMzI4WhcNMDcwNzI3MTQxMzI4WjBbMQswCQYDVQQGEwJV\r\n\tSzERMA8GA1UEChMIZVNjaWVuY2UxEzARBgNVBAsTCk1hbmNoZXN0ZXIxCzAJBgNV\r\n\tBAcTmrsogriqMWLAk1DMRcwFQYDVQQDEw5taWNoYWVsIHBhcmQYJKoZIhvcNAQEB\r\n\tBQADggEPADCCAQoCggEBANPEQBgl1IaKdSS1TbhF3hEXSl72G9J+WC/1R64fAcEF\r\n\tW51rEyFYiIeZGx/BVzwXbeBoNUK41OK65sxGuflMo5gLflbwJtHBRIEKAfVVp3YR\r\n\tgW7cMA/s/XKgL1GEC7rQw8lIZT8RApukCGqOVHSi/F1SiFlPDxuDfmdiNzL31+sL\r\n\t0iwHDdNkGjy5pyBSB8Y79dsSJtCW/iaLB0/n8Sj7HgvvZJ7x0fr+RQjYOUUfrePP\r\n\tu2MSpFyf+9BbC/aXgaZuiCvSR+8Snv3xApQY+fULK/xY8h8Ua51iXoQ5jrgu2SqR\r\n\twgA7BUi3G8LFzMBl8FRCDYGUDy7M6QaHXx1ZWIPWNKsCAwEAAaOCAiQwggIgMAwG\r\n\tA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMA4GA1UdDwEB/wQEAwID6DAs\r\n\tBglghkgBhvhCAQ0EHxYdVUsgZS1TY2llbmNlIFVzZXIgQ2VydGlmaWNhdGUwHQYD\r\n\tVR0OBBYEFDTt/sf9PeMaZDHkUIldrDYMNTBZMIGaBgNVHSMEgZIwgY+AFAI4qxGj\r\n\tloCLDdMVKwiljjDastqooXSkcjBwMQswCQYDVQQGEwJVSzERMA8GA1UEChMIZVNj\r\n\taWVuY2UxEjAQBgNVBAsTCUF1dGhvcml0eTELMAkGA1UEAxMCQ0ExLTArBgkqhkiG\r\n\t9w0BCQEWHmNhLW9wZXJhdG9yQGdyaWQtc3VwcG9ydC5hYy51a4IBADApBgNVHRIE\r\n\tIjAggR5jYS1vcGVyYXRvckBncmlkLXN1cHBvcnQuYWMudWswGQYDVR0gBBIwEDAO\r\n\tBgwrBgEEAdkvAQEBAQYwPQYJYIZIAYb4QgEEBDAWLmh0dHA6Ly9jYS5ncmlkLXN1\r\n\tcHBvcnQuYWMudmT4sopwqlBWsvcHViL2NybC9jYWNybC5jcmwwPQYJYIZIAYb4QgEDBDAWLmh0\r\n\tdHA6Ly9jYS5ncmlkLXN1cHBvcnQuYWMudWsvcHViL2NybC9jYWNybC5jcmwwPwYD\r\n\tVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NhLmdyaWQt5hYy51ay9wdWIv\r\n\tY3JsL2NhY3JsLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAS/U4iiooBENGW/Hwmmd3\r\n\tXCy6Zrt08YjKCzGNjorT98g8uGsqYjSxv/hmi0qlnlHs+k/3Iobc3LjS5AMYr5L8\r\n\tUO7OSkgFFlLHQyC9JzPfmLCAugvzEbyv4Olnsr8hbxF1MbKZoQxUZtMVu29wjfXk\r\n\thTeApBv7eaKCWpSp7MCbvgzm74izKhu3vlDk9w6qVrxePfGgpKPqfHiOoGhFnbTK\r\n\twTC6o2xq5y0qZ03JonF7OJspEd3I5zKY3E+ov7/ZhW6DqT8UFvsAdjvQbXyhV8Eu\r\n\tYhixw1aKEPzNjNowuIseVogKOLXxWI5vAi5HgXdS0/ES5gDGsABo4fqovUKlgop3\r\n\tRA==\r\n\t-----END
CERTIFICATE-----\r\nX-SSL-cipher: AES256-SHA              SSLv3 Kx=RSA
     Au=RSA  Enc=AES(256)  Mac=SHA1\r\nX-Forwarded-For:
xxx.xxx.xxx.xxx\r\n\r\n"
---
PARAMS: {"HTTP_X_SSL_NOTBEFORE"=>"Jun 19 12:10:30 2006 GMT",
"HTTP_USER_AGENT"=>"curl/7.13.1 (powerpc-apple-darwin8.0)
libcurl/7.13.1 OpenSSL/0.9.7i zlib/1.2.3",
"HTTP_HOST"=>"127.0.0.1:3001", "HTTP_X_SSL_ISSUER"=>"C = UK, O =
eScience, OU = Authority, CN = CA, emailAddress =
ca-operator at grid-support.ac.uk", "REQUEST_PATH"=>"/",
"HTTP_VERSION"=>"HTTP/1.1", "HTTP_X_SSL_CERTIFICATE"=>"-----BEGIN
CERTIFICATE-----", "REQUEST_URI"=>"/", "HTTP_X_SSL_NOTAFTER"=>"Jun 19
12:10:30 2007 GMT", "HTTP_X_FORWARDED_PROTO"=>"https",
"HTTP_PRAGMA"=>"no-cache", "HTTP_X_SSL_SERIAL"=>"8071",
"HTTP_X_SSL_SUBJECT"=>"C = xx, O = xx, OU = xx, L = xx, CN = michael
parkin", "HTTP_ACCEPT"=>"*/*", "REQUEST_METHOD"=>"GET"}


More information about the Mongrel-users mailing list