You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2017/12/19 22:46:27 UTC
svn commit: r1818726 - in /httpd/httpd/trunk: CHANGES
modules/http2/mod_proxy_http2.c modules/proxy/mod_proxy_http.c
modules/proxy/proxy_util.c
Author: ylavic
Date: Tue Dec 19 22:46:27 2017
New Revision: 1818726
URL: http://svn.apache.org/viewvc?rev=1818726&view=rev
Log:
mod_proxy: allow SSLProxyCheckPeer* usage for all proxy modules.
PR 61857.
Proposed by: Markus Gausling <markusgausling googlemail.com>
Reviewed by: ylavic
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/http2/mod_proxy_http2.c
httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
httpd/httpd/trunk/modules/proxy/proxy_util.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1818726&r1=1818725&r2=1818726&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Dec 19 22:46:27 2017
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_proxy: allow SSLProxyCheckPeer* usage for all proxy modules.
+ PR 61857. [Yann Ylavic]
+
*) mod_proxy_html: fix handling of <meta http-equiv> elements.
PR 58121. [Nick Kew]
Modified: httpd/httpd/trunk/modules/http2/mod_proxy_http2.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/mod_proxy_http2.c?rev=1818726&r1=1818725&r2=1818726&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/mod_proxy_http2.c (original)
+++ httpd/httpd/trunk/modules/http2/mod_proxy_http2.c Tue Dec 19 22:46:27 2017
@@ -588,21 +588,12 @@ run_connect:
goto reconnect;
}
- if (!ctx->p_conn->data) {
- /* New conection: set a note on the connection what CN is
- * requested and what protocol we want */
- if (ctx->p_conn->ssl_hostname) {
- ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, ctx->owner,
- "set SNI to %s for (%s)",
- ctx->p_conn->ssl_hostname,
- ctx->p_conn->hostname);
- apr_table_setn(ctx->p_conn->connection->notes,
- "proxy-request-hostname", ctx->p_conn->ssl_hostname);
- }
- if (ctx->is_ssl) {
- apr_table_setn(ctx->p_conn->connection->notes,
- "proxy-request-alpn-protos", "h2");
- }
+ if (!ctx->p_conn->data && ctx->is_ssl) {
+ /* New SSL connection: set a note on the connection about what
+ * protocol we want.
+ */
+ apr_table_setn(ctx->p_conn->connection->notes,
+ "proxy-request-alpn-protos", "h2");
}
}
Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?rev=1818726&r1=1818725&r2=1818726&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_http.c Tue Dec 19 22:46:27 2017
@@ -2086,17 +2086,6 @@ static int proxy_http_handler(request_re
backend, r)) != OK)
break;
backconn = backend->connection;
-
- /*
- * On SSL connections set a note on the connection what CN is
- * requested, such that mod_ssl can check if it is requested to do
- * so.
- */
- if (backend->ssl_hostname) {
- apr_table_setn(backend->connection->notes,
- "proxy-request-hostname",
- backend->ssl_hostname);
- }
}
/* Don't recycle the connection if prefetch (above) told not to do so */
Modified: httpd/httpd/trunk/modules/proxy/proxy_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?rev=1818726&r1=1818725&r2=1818726&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/proxy_util.c (original)
+++ httpd/httpd/trunk/modules/proxy/proxy_util.c Tue Dec 19 22:46:27 2017
@@ -3105,6 +3105,13 @@ static int proxy_connection_create(const
backend_addr, conn->hostname);
return HTTP_INTERNAL_SERVER_ERROR;
}
+ if (conn->ssl_hostname) {
+ /* Set a note on the connection about what CN is requested,
+ * such that mod_ssl can check if it is requested to do so.
+ */
+ apr_table_setn(conn->connection->notes, "proxy-request-hostname",
+ conn->ssl_hostname);
+ }
}
else {
/* TODO: See if this will break FTP */