OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



Bug in support for SSL repositorys?

Open Harvester Systems support questions and answers, bug reports, and development issues.

Moderators: jmacgreg, michael, John

Forum rules
Developer Resources:

Git: You can access our public Git Repository here. Comprehensive Git usage instructions are available on the wiki.

Bugzilla: You can access our Bugzilla report tracker here.

Search: You can use our Google Custom Search to search across our main website, the support forum, and Bugzilla.

Questions and discussion are welcome.

Bug in support for SSL repositorys?

Postby heinasen » Thu Oct 22, 2009 3:23 am

Hi,

I am trying to add an DSpace archive on https://ao.doria.fi. The base URL is https://ao.doria.fi/dspace-oai/request.

However, as I try to add the archive, I get error claiming that my URL is invalid.

I am by no means a web application programmer (rather a C/C++ developer) but I dug a little and here is what I found:

The actual http-request is generated here: lib\pkp\classes\file\wrappers\HTTPFileWrapper.inc --> open(). The problem is that if SSL is used (https) harvester includes the protocol identifier to the request Host-field. And this seems to be wrong and causing servers to respond with "Bad Request, 400". I verified the behaviour also by simple request to www.example.com.

Fix for me was a little hack removing the ssl:// - prefix from the generated request. So final request should have the Host-field like this: "ao.doria.fi". Instead of "ssl://ao.doria.fi", which is causing server to reply "Bad Request".

I am using version 2.3.0.

As I said, I'm no web application developer so I might be doing something silly, but I thought to report this finding anyways :)

BR,
Markku Heinäsenaho
heinasen
 
Posts: 1
Joined: Thu Oct 22, 2009 2:57 am

Re: Bug in support for SSL repositorys?

Postby asmecher » Thu Oct 22, 2009 8:00 am

Hi Markku,

Without the ssl:// prefix, you're not using SSL as a transport for the data -- it'll go through plain HTTP that way. You might try turning off the "allow_url_fopen" in config.inc.php, but in general, it would help to check the repository's log to find out what it's seeing of these requests.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8479
Joined: Wed Aug 10, 2005 12:56 pm


Return to Open Harvester Systems Support and Development

Who is online

Users browsing this forum: No registered users and 3 guests