Forum OpenACS Development: Re: ssl(https) bug-Enhancement

Collapse
Posted by Byron Linares on
I’m wondering if i Could proceed to commit this to HEAD ??

best,

Collapse
Posted by Torben Brosten on
Byron Linares,

Are the changes optional, ie do they *not* affect existing code behavior?

How are these options switch on, by parameter?

Can you publish the code to be reviewed? or direct to: tor ben at de kka. Net without spaces.

Thank you,

Torben

Collapse
Posted by Byron Linares on
That’s right they are optional, I added a parameter in acs-tcl for this.
The patch is in the bug-tracker
http://www.openacs.org/bugtracker/openacs/bug?bug_number=3184

you can find it here:

http://home.galileo.edu/~bhlr/security-procs.tcl

modified procs

security::https_available_p
security::secure_conn_p
security::locations
security::get_secure_location

Collapse
Posted by Torben Brosten on

Byron Linares,

It seems it doesn't affect other cases. I'd recommend this change to your file to simplify the logic:

1672c1672
<     if { $sdriver ne "" || [parameter::get -parameter ReverseProxyForSsl -package_id [apm_package_id_from_key acs-tcl] -default 0] } {
---
>     if { $sdriver ne "" } {
1678c1678,1681
<     } 
---
>     } elseif {[parameter::get -parameter ReverseProxyForSsl -package_id [apm_package_id_from_key acs-tcl] -default 0] } {
>       # cosider if we are behind a reverse proxy and don't uses the aolserver ssl modules
>         lappend locations "https://${host_name}"
>     }

Assuming that revision works, I would say go ahead with the change on head since it doesn't (or isn't supposed to) affect existing systems... be sure to also add the new parameter and increase the version number in acs-tcl/acs-tcl.info.

cheers,
Torben