elaka / mod-spdy

Automatically exported from code.google.com/p/mod-spdy

Unable to use with Apache http authentication #24

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi,
When I configure a directory using HTTP basic authentication, I cannot use SPDY. 
Chrome enters an endless loop when I put https://xxx.yyy.com/sms in the 
address bar.
I can use SPDY on a directory without basic authentication.

I use Apache 2.2.22 with these modules (direct copy from my conf):
ssl spdy alias auth_basic authn_file authz_host authz_groupfile authz_default 
authz_user autoindex cgi dir env expires include log_config mime setenvif 
suexec userdir rewrite jk auth_digest ldap authnz_ldap proxy proxy_ajp 
proxy_http passenger fcgid scgi dav dav_svn headers flvx python authn_otp 
deflate

The interesting parts of my Apache site.conf are:
<VirtualHost 192.168.2.10:80>
  ServerName xxx.yyy.com
  DocumentRoot /srv/www/xxx.yyy.com
  AddDefaultCharset utf-8
      <Directory  "/srv/www/xxx.yyy.com/sms">
        options followsymlinks
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
      </Directory>

</VirtualHost>
<VirtualHost 192.168.2.10:443>
       SSLEngine on
       SSLCertificateFile           cert.pem
       SSLCertificateKeyFile        key.pem
       SSLVerifyClient none
       SSLCACertificateFile          ca.pem
       SSLEngine on
       SSLProtocol -all +TLSv1 +SSLv3
       SSLCipherSuite ALL:-kEDH:-RC2:-MD5:-RC4:-DES
       SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
       ServerName xxx.yyy.com
       DocumentRoot /srv/www/xxx.yyy.com
       AddDefaultCharset utf-8
      <Directory "/srv/www/xxx.yyy.com/sms/" >
        AddOutputFilterByType DEFLATE text/html text/plain application/xhtml+xml text/xml text/css text/rtf application/x-javascript application/json
        AuthType Basic
        AuthName "restricted area"
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://authenticator.yyy.com/ou=Users,dc=yyy,dc=com?uid?sub?(objectClass=posixAccount)"
        Require valid-user
      </Directory>
</VirtualHost>

Original issue reported on code.google.com by gronan.r...@gmail.com on 11 Feb 2012 at 9:55

GoogleCodeExporter commented 8 years ago
It may be the case that we break authentication. We'll dig in and debug.

In the meantime, I'd like to verify a few things:

Did you add

SpdyEnabled on

in your config?

Can you also include any messages from mod_spdy in your error log?

Please also make sure you update to the newest mod_spdy revision (r241)

Thanks!

Original comment by bmcqu...@google.com on 15 Feb 2012 at 2:31

GoogleCodeExporter commented 8 years ago
It is r241. It is also on in the global context. I cannot enable it in the
virtual host context because it causes an SNI error. I'll send you the log.
Perhaps it is linked with the SNI configuration. Server Name Indication is
enabled in all the SSL hosts.

Original comment by gronan.r...@gmail.com on 15 Feb 2012 at 2:38

GoogleCodeExporter commented 8 years ago
First, I put "SpdyEnabled On" just before the "SSLEngine On" and I got this 
error message in the log when I accessed my website on a directory without 
authentication:

[Thu Feb 16 08:54:30 2012] [error] Hostname xxx.yyy.com provided via SNI, but 
no hostname provided in HTTP request
(I have 3 virtual SSL hosts sharing the same IP; it works perfectly with all 
modern browsers/OSes.)

Second, I put "SpdyEnabled On" in the global context and SPDY works perfectly on 
/zabbix without HTTP authentication. 
This directory hosts a Zabbix 1.8.9 server, which is an enterprise-class open 
source distributed monitoring solution; the web part is written in php5.

But when I try to access the https://***/sms directory, there is no error in the 
Apache log but Chrome enters an endless wait.
Accessing the same https://***/sms directory from Firefox (without 
SPDY)/Opera/IE works perfectly.

Note: I use these settings for SSL port configuration:
            Listen 127.0.0.9:443
            Listen 192.168.2.10:443
            Listen 192.168.2.5:443
            NameVirtualHost 192.168.2.10:443
            NameVirtualHost 192.168.2.5:443
            SSLStrictSNIVHostCheck off

And Apache is launched with this command line:
/usr/sbin/httpd2-worker -f /etc/apache2/httpd.conf -DDEFAULT_VHOST -DSSL -DSSL_DEFAULT_VHOST
For completeness, I use the php5 cgi-fcgi SAPI with mod_fcgid:

PHP 5.3.10 (cgi-fcgi) (built: Feb  9 2012 16:02:58) (DEBUG)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies

Original comment by gronan.r...@gmail.com on 16 Feb 2012 at 8:13

GoogleCodeExporter commented 8 years ago
Thanks for the report.  I can reproduce the Chrome-endlessly-waiting problem 
with even a very simple authentication setup, so it seems that mod_spdy is 
breaking with Apache http authentication (something that I had not yet tested). 
 I'll start looking into how to fix this.

Original comment by mdste...@google.com on 17 Feb 2012 at 5:44

GoogleCodeExporter commented 8 years ago
I think I've found the issue.  Essentially, we are failing to insert our 
HTTP-to-SPDY translation filters along the code path that is invoked when 
authentication fails and the server needs to send back a 401 response, so 
nothing gets sent and Chrome just hangs, waiting for a response.

The fix appears to be simple; I'll let you know when it's checked in.

Original comment by mdste...@google.com on 17 Feb 2012 at 8:01
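
A simplified model of the failure described in the comment above, added here as an illustration; it is not code from mod_spdy or httpd, and the page does not show what r243 changed. It assumes the 401 is produced on an error path that runs its own filter-insertion hook (httpd exposes these as ap_hook_insert_filter and ap_hook_insert_error_filter); the struct names and the HTTP_TO_SPDY filter name are made up.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the request flow, not httpd or mod_spdy source.
 * Filter and struct names are made up for the illustration. */
#define MAX_FILTERS 4
typedef struct { const char *filters[MAX_FILTERS]; int n; int status; } request;
typedef void (*hook_fn)(request *);
typedef struct { hook_fn insert_filter; hook_fn insert_error_filter; } module_hooks;

static void add_output_filter(request *r, const char *name) {
    if (r->n < MAX_FILTERS) r->filters[r->n++] = name;
}

/* The module's hook body: put the protocol translator on the output chain. */
static void insert_translator(request *r) { add_output_filter(r, "HTTP_TO_SPDY"); }

/* Auth runs before the handler. On success the normal hook builds the chain;
 * on failure the 401 is generated on a separate path that runs only the
 * error hook, so filters registered on the normal hook alone are absent. */
static void process(request *r, const module_hooks *m, int auth_ok) {
    r->n = 0;
    if (auth_ok) {
        r->status = 200;
        if (m->insert_filter) m->insert_filter(r);
    } else {
        r->status = 401;
        if (m->insert_error_filter) m->insert_error_filter(r);
    }
}

/* A SPDY client only sees bytes that passed through the translator. */
static int client_gets_response(const request *r) {
    for (int i = 0; i < r->n; i++)
        if (strcmp(r->filters[i], "HTTP_TO_SPDY") == 0) return 1;
    return 0;
}

/* hook_error_path: whether the module also registers on the error hook. */
static int delivered(int hook_error_path, int auth_ok) {
    module_hooks m = { insert_translator, hook_error_path ? insert_translator : NULL };
    request r;
    process(&r, &m, auth_ok);
    return client_gets_response(&r);
}

int main(void) {
    printf("normal hook only, auth ok : %d\n", delivered(0, 1));
    printf("normal hook only, 401     : %d\n", delivered(0, 0));
    printf("both hooks,       401     : %d\n", delivered(1, 0));
    return 0;
}
```

The middle case is the one reported in this issue: nothing is logged as an error, yet the client never receives the 401 challenge.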

GoogleCodeExporter commented 8 years ago
I think I've fixed this issue with r243.  Can you sync to that revision and let 
me know if authentication works for you now?

Original comment by mdste...@google.com on 18 Feb 2012 at 6:56

GoogleCodeExporter commented 8 years ago
Thanks a lot, it works perfectly. You can close this issue.

Original comment by gronan.r...@gmail.com on 19 Feb 2012 at 10:24

GoogleCodeExporter commented 8 years ago
Wonderful, thanks for confirming!  Please do let us know if anything else 
breaks for you.  (-:

Original comment by mdste...@google.com on 20 Feb 2012 at 4:12