#2885 Strange SSL issue in 4.2.4


Apache Webserver, shared SSL, PHP 5
Site is running well with https, port 443.

But in Configuration: Phpgedview Url is automatically recognized as http connection but with port 443.
Same if you access site directly via https or via http redirect to https
Mail is sent for new user registration with the link: http://domain.com:443/...
If manually adding the paths to the site configuration, above value is added too it causing an endless loop.

Can it be that $Server https is blank and this is the cause for the wrong values?

Thank you for helping!


  • Shredder

    Shredder - 2012-02-08


  • Shredder

    Shredder - 2012-02-08
    • priority: 5 --> 7
  • Shredder

    Shredder - 2012-02-08

    This happens on logout:

    <title>400 Bad Request</title>
    <h1>Bad Request</h1>
    <p>Your browser sent a request that this server could not understand.<br />
    Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
    Instead use the HTTPS scheme to access this URL, please.<br />
    <blockquote>Hint: <a href=""><b></b></a></blockquote></p>
    <address>Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 Server at Port 443</address>

  • Shredder

    Shredder - 2012-02-08
    • assigned_to: nobody --> canajun2eh
  • Shredder

    Shredder - 2012-02-08

    This is the behaviour with IE 6:

    returns to login page as it should, but: without https.

  • Gerry Kroll

    Gerry Kroll - 2012-02-08

    Please don't assign bug reports. This should not be done by the reporter.

    What happens when you fill in the $SERVER_URL value in the "config.php" file with the correct information? You might have to do this manually, since PGV obviously won't run properly.

    You might need to set a value into the $LOGIN_URL variable too.

    I have no experience with https , so i'm not going to be able to advise you very well.

  • Gerry Kroll

    Gerry Kroll - 2012-02-08
    • assigned_to: canajun2eh --> nobody
  • Shredder

    Shredder - 2012-02-08

    thank you for your answer, sorry, didn´t know this about assignments, new here...

    if i fill in the $server_url in config.php both values are used, the filled in one and the system estimated one is added behind, resulting in an endless loop.

    same if $login_url is set.

    could it be that the ssl proxy host has to be defined somewhere as it is NOT the localhost?

    the site is running free of errors on port 443, logout results in the call for a http page but with port 443. so it looks that the parameter for the protocol is not properly set too https

  • Shredder

    Shredder - 2012-02-08

    following info might help:

    if i login with twice with two browsers, both function over https without problem.

    logout from the first browser results to above described problem

    but if i logout from the second browser, this one redirects correctly to https.login-page

  • Gerry Kroll

    Gerry Kroll - 2012-02-09

    Please try upgrading to the "SVN" version. The download link and instructions are in a recent Help topic whose title begins with "Repost: ..."

    If you're editing the config.php file manually, be sure to include the "http://" or "https://" at the beginning of the server URL, and also be sure that there is a trailing "/" in the URL.

    The Login URL should be empty.

    How are you launching PGV before you log in? Are you using a URL that begins with "https://"? If not, that could be the source of your problem.

  • Shredder

    Shredder - 2012-02-09

    if a user comes with http he is redirected by .htaccess to https:// this works fine
    if a user comes directly with https works fine too

    no errors in phpgedview when working with it

    but on logout phpgedview tries to open the login page with http on port 443 instead of https

    this is not matter of webspace config or phpgedview config

    it seems that phpgedview is not handling the server url correctly as http is in the url instead of https

    changing config.php results in endless loop as the value of config.php is added to the url which is estimated by phpgedview itsellf.

    when logged in with https the value for admin/configuration is estimated as: http://www.fitzek.cc:443/

    this value is causing the problems for logout, and user registration as the reg-link is wrong too.

    it seems phpgedview is handling the $server parameters wrong

  • Shredder

    Shredder - 2012-02-09

    SVN update did not change anything

  • Shredder

    Shredder - 2012-02-09

    which function(s) do the estimation of the server url? I think there is the error.
    are there problems because of open ssl and the ssl proxy?

  • Shredder

    Shredder - 2012-02-09

    i made it working now, but this is still a bug:

    session.php line 203: replaced port "80" by port "443"

    (empty($_SERVER['SERVER_PORT']) || $_SERVER['SERVER_PORT']==443 ? '' : ':'.$_SERVER['SERVER_PORT'])

  • Gerry Kroll

    Gerry Kroll - 2012-02-09

    Sorry, you've lost me here, ....

    Exactly HOW is that server_url supposed to behave?

    What I see in the code is this:
    1. Depending on whether the incoming protocol is SSL or not, the front part of the URL is either "https://" or "http://". This has nothing to do with the port on which the request comes in.

    2. Following the protocol designation from (1), we have the plain-vanilla URL such as "foo.bar.com" or an IP address of some sort. The logic says this part could be empty, but I don't see how that's ever possible.

    3. Lastly, we have an optional port number that has nothing to do with the protocol designation decided upon in (1). If the incoming request didn't use port 80, the port number is appended to the concatenated (1) and (2).

  • Shredder

    Shredder - 2012-02-09

    well, it works with this "workaround" very well. i´m not a programmer and i have only little knowledge on php.

    the site was connected via https:// and it worked well except on logout, the program tried to access the login page via http:// on port 443. this the server didn´t like.

    it looks like the port i changed is not an option but hardcoded port 80, there is no alternative switch to port 443 as i could see. two lines above there is an option for http or https for the program, concerning the port there isn´t.

    as i changed it, it worked. no errors, no problems, simply perfect.

    the original code is in ./includes/session.php:

    (empty($_SERVER['HTTPS']) || !in_array($_SERVER['HTTPS'], array('1', 'on', 'On', 'ON')) ? 'http://' : 'https://').
    (empty($_SERVER['SERVER_NAME']) ? '' : $_SERVER['SERVER_NAME']).
    (empty($_SERVER['SERVER_PORT']) || $_SERVER['SERVER_PORT']==80 ? '' : ':'.$_SERVER['SERVER_PORT'])

    this seems to lead to a wrong server_url including http instead of https.

    now, after changing the port value, also in admin/configuration the correct value is shown as https://........

  • Gerry Kroll

    Gerry Kroll - 2012-02-09

    What values do you have set in the config.php file for (a) server URL and (b) login URL? These configuration entries would normally be empty.

  • Shredder

    Shredder - 2012-02-09

    no values in there.

    if i added values, it resulted in a summary of the system estimated value plus the manually inserted value.

    now, after changing the port, the system would accept changed values, but i don´t need them, so left empty.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks