From: Eric S. J. <es...@ha...> - 2005-10-25 13:04:27
|
Jonathan Angliss wrote: > > Try taking a look through the archives for this list. This comes up from > time to time, and I'm working on a work around for it. Try searching for > pix or ssl firewall. I cannot remember the exact name, but it will give > you the information you should need. thank you Jonathan. You gave me the information I needed. what I'm seeing in the archives is that squirrel mail really is not comfortable with address translation. I was working with Cherokee and we encountered some problems there but also, we found the following. Don't know if it's useful but it may be. Alvaro Lopez Ortega wrote: After some debugging I got this: === HTTP/1.1 302 Moved Temporarily Connection: Close Date: Mon, 24 Oct 2005 17:14:09 GMT Server: Cherokee/0.4.28b3 (UNIX) Location: http://localhost:444/src/right_main.php?mailbox=INBOX&sort=0&startMessage=1 X-Powered-By: PHP/4.4.0-3 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Type: text/html; charset=iso-8859-1 Content-length: 336 P3P: CP=3DNOI NID CURa OUR NOR UNI === This is the header the server was sending as reply to the post action. It is a bit odd to reply with 302 to a POST, but.. ok, let's assume it is okay. But, wait a second, take a look at the Location line. I was configured to use the port 444 for TLS, and I accessed the server using "https://localhost:444", so.. why the hell is it redirecting the browser to http://..:444 ? At this moment, I realized the problem was on the SquirrelMail. After some debugging I found this code in functions/strings.php: === /* * If you have 'SSLOptions +StdEnvVars' in your apache config * OR if you have HTTPS=on in your HTTP_SERVER_VARS * OR if you are on port 443 */ $getEnvVar = getenv('HTTPS'); if ((isset($getEnvVar) && !strcasecmp($getEnvVar, 'on')) || (sqgetGlobalVar('HTTPS', $https_on, SQ_SERVER) && !strcasecmp($https_on, 'on')) || (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER) && $server_port == 443)) { $proto = 'https://'; } === So, as long as the server is not on the default port, it is not Apache, and it didn't set the HTTPS environment variable, the web mail was assuming it was HTTP. Maybe I am wrong, but I think I haven't read about that variable in any RFC until now... but anyway, Cherokee now adds the HTTPS variable, so it is working with the repository code. -------------- so, at the end of the day I think I'm still stuck. I really need to make squirrelMail work via ssl on a nonstandard port behind an address translation firewall. And everything I've seen in the archives does not build hope. I don't know what happened. it was working until the latest gentoo update screwed many things over. very unpleasant. --- eric |