[Modules] Problems with mod_proxy
Leandro Lucarella
llucarella at integratech.com.ar
Fri Oct 31 15:02:54 EDT 2008
I'm having problems using mod_gnutls + mod_proxy. I've seen a thread[1] and
a bug report[2] about it, but with no resolution.
[1] http://lists.outoforder.cc/pipermail/modules/2008-February/000097.html
[2] http://issues.outoforder.cc/view.php?id=87
I think I know what the problem is: the proxied server is receiving the
encrypted data instead of the decrypted HTTP request.
Let's say we have:
      A                   B                    C
 HTTPS client ------ HTTPS server ------- HTTP server
A makes a request to B, B forwards it to C but using SSL, so B expects
that C sends the SSL client hello handshake. But C is HTTP (without S), so
he hangs waiting for B to send him the request.
So everybody waits until the famous timeout expires.
I did a simple example that seems to confirm that:
    <VirtualHost *:443>
        ServerName vhost.example.com
        GnuTLSEnable on
        GnuTLSExportCertificates on
        GnuTLSPriorities SECURE
        GnuTLSCertificateFile /etc/ssl/certs/apache/example.crt
        GnuTLSKeyFile /etc/ssl/certs/apache/example.key
        DocumentRoot /var/www/example
        ProxyRequests Off
        <Proxy *>
            AuthUserFile /etc/apache2/htpasswd
            AuthName "Terminal Web"
            AuthType Basic
            require valid-user
            Order Deny,allow
            Allow from all
        </Proxy>
        ProxyPreserveHost On
        ProxyPass / http://localhost:8022/
        ProxyPassReverse / http://localhost:8022/
    </VirtualHost>
Then I run this python script:
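    import socket

    # Listen on the port that ProxyPass points at.
    s = socket.socket()
    s.bind(('0.0.0.0', 8022))
    s.listen(10)
    (sc, addr) = s.accept()
    # socket.ssl() (Python 2) starts a TLS handshake as the client side.
    sslsc = socket.ssl(sc)
    print sslsc.read(1000)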
And this is printed:
GET / HTTP/1.1\r\n
Any information/help/fixes would be appreciated.
Thank you.
--
Leandro Lucarella
Integratech S.A.
4571-5252
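
A passive Python 3 variant of the diagnostic listener, added here as an example (not code from the original message or from mod_gnutls): it listens where ProxyPass points and reports whether the proxy sends plaintext HTTP, sends a TLS ClientHello, or connects and stays silent, which is how the hang described in the post shows up on the backend. Unlike the script in the post it never starts a handshake itself; the function names, result labels and the 3-second wait are assumptions made for illustration.

```python
import socket

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_first_bytes(data):
    """Classify the first bytes a peer sent on a fresh TCP connection."""
    if not data:
        return "no-data"
    # TLS record header: content type 0x16 (handshake), version major 0x03;
    # the handshake message type at offset 5 is 0x01 for a ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    return "unknown"


def probe_once(listener, wait=3.0):
    """Accept one connection and report what the peer does first."""
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(wait)
        try:
            data = conn.recv(64)
        except socket.timeout:
            # The peer connected but sent nothing within `wait` seconds:
            # it is waiting for this side to speak first.
            return "silent"
    return classify_first_bytes(data)


def make_listener(port=8022, host="127.0.0.1"):
    """Open a listening socket on the ProxyPass target (8022 in the post)."""
    s = socket.socket()
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(1)
    return s


if __name__ == "__main__":
    # Run this in place of the real backend, then request the vhost once.
    with make_listener() as lst:
        print(probe_once(lst))
```

A result of "plaintext-http" means the backend hop is working as ProxyPass http:// intends; "silent" matches the behaviour reported above.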