Files cannot be downloaded over SSL in IE 6/7/8 on Windows XP

Bug #1002513 reported by Ben Johnson
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
libapache2-mod-xsendfile (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

# lsb_release -rd
Description: Ubuntu 10.04.4 LTS
Release: 10.04

# apt-cache policy libapache2-mod-xsendfile
libapache2-mod-xsendfile:
  Installed: 0.9-2
  Candidate: 0.9-2
  Version table:
 *** 0.9-2 0
        500 http://us.archive.ubuntu.com/ubuntu/ lucid/universe Packages
        100 /var/lib/dpkg/status

When I attempt to download a file over SSL, using Internet Explorer (version 6, 7, or 8) on Windows XP, I receive an error dialog in IE:

"Internet Explorer cannot download file.ext from domain.tld."

"Internet explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."

The error does not not happen over a plaintext connection, nor does it happen in IE >= 9.

I should add that when I do not use mod_xsendfile to serve the file to the user-agent, the issue does not occur, either. In other words, if I use "pure PHP" to send the data, the user-agent receives the file, as expected.

While I realize that the problem may very well be with IE, and not mod_xsendfile, the chances of Microsoft patching its older browsers are close to zero, while the chances of the package author adding agent-specific conditional logic (if possible) to address the issue are certainly better.

It would be a shame not to be able to use mod_xsendfile for anything mission-critical due to this one limitation.

description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libapache2-mod-xsendfile (Ubuntu):
status: New → Confirmed
Revision history for this message
cebe (mail-cebe) wrote :

You can work around this by removing the `Pragma`-Header created by php:

header_remove('Pragma');

Revision history for this message
Ben Johnson (a03-6eo-chg) wrote :

Thank you for the suggestion, cebe. I tried removing the "Pragma" header just before sending the file to the user-agent, but this measure does not correct the problem for me. I confirmed that the "Pragma" header is indeed gone from the response (using Firebug), but I still receive the error dialogs in IE.

Revision history for this message
Admin (ilw10) wrote :

This is your friendly ubuntu admin typing:

I just wanted to let you guys know that we here at Ubunutu really love giving our contributors the shaft: fuck you for trying to get ubuntu over ssl, and, additionally, we now no longer offer the MD5 checksums over ssl for you faggot developers.

Lol I even remember a couple times when contributors donated us money to us specifically for buying SSL and we just spent it on toiletpaper.

We get paid more $ than you can ever fucking imagine by windows and mac just to fuck you open source developers in the ass.

Have a nice day.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.