You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2015/12/03 18:32:06 UTC
[Bug 58688] New: Missing mod_ssl connection-level upgrade headers
for OPTIONS * requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=58688
Bug ID: 58688
Summary: Missing mod_ssl connection-level upgrade headers for
OPTIONS * requests
Product: Apache httpd-2
Version: 2.4.17
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Core
Assignee: bugs@httpd.apache.org
Reporter: wrowe@apache.org
Bug in the behavior of httpd prior to 2.4.18
OPTIONS * HTTP/1.1
Host: example.com
HTTP/1.1 200 OK
Date: Thu, 03 Dec 2015 15:26:16 GMT
Server: Apache/2.4.18-dev (Unix) OpenSSL/1.0.2e-dev mod_bmx/0.9.7-dev
mod_ftp/1.0.1-dev
Content-Length: 0
OPTIONS / HTTP/1.1
Host: example.com
HTTP/1.1 200 OK
Date: Thu, 03 Dec 2015 15:26:51 GMT
Server: Apache/2.4.18-dev (Unix) OpenSSL/1.0.2e-dev mod_bmx/0.9.7-dev
mod_ftp/1.0.1-dev
Upgrade: TLS/1.0, HTTP/1.1
Connection: upgrade
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 0
Content-Type: text/html
The missing Allow header is by-design (according to comments in http_core.c),
the missing Content-Type header is correct (no content delivered).
The missing Upgrade/Connection headers are incorrect, this is due to mod_ssl
adding the upgrade headers in the fixups; however fixups are not run for any
TRACE or OPTIONS * requests as they are bypassed in ap_process_request once
it determines that the core map_to_storage hook indicated that neither request
would reside in storage.
Moving this to post ReadReq hook in ssl_engine_kernel.c seems to fix this
quirk,
patch incoming. An alternative place for such a non-storage fixup would be a
run-first map_to_storage hook (this seems far less intuitive).
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 58688] Missing mod_ssl connection-level upgrade headers for
OPTIONS * requests
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58688
--- Comment #1 from William A. Rowe Jr. <wr...@apache.org> ---
Fixed in r1717816, proposed for backport.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 58688] Missing mod_ssl connection-level upgrade headers for
OPTIONS * requests
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58688
Christophe JAILLET <ch...@wanadoo.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Christophe JAILLET <ch...@wanadoo.fr> ---
Backported in 2.4.x in r1729873
This is part of 2.4.19.
CHANGES entry also added.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org