You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2015/12/03 18:32:06 UTC

[Bug 58688] New: Missing mod_ssl connection-level upgrade headers for OPTIONS * requests

https://bz.apache.org/bugzilla/show_bug.cgi?id=58688

            Bug ID: 58688
           Summary: Missing mod_ssl connection-level upgrade headers for
                    OPTIONS * requests
           Product: Apache httpd-2
           Version: 2.4.17
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
          Assignee: bugs@httpd.apache.org
          Reporter: wrowe@apache.org

Bug in the behavior of httpd prior to 2.4.18 

OPTIONS * HTTP/1.1
Host: example.com

HTTP/1.1 200 OK
Date: Thu, 03 Dec 2015 15:26:16 GMT
Server: Apache/2.4.18-dev (Unix) OpenSSL/1.0.2e-dev mod_bmx/0.9.7-dev
mod_ftp/1.0.1-dev
Content-Length: 0

OPTIONS / HTTP/1.1
Host: example.com

HTTP/1.1 200 OK
Date: Thu, 03 Dec 2015 15:26:51 GMT
Server: Apache/2.4.18-dev (Unix) OpenSSL/1.0.2e-dev mod_bmx/0.9.7-dev
mod_ftp/1.0.1-dev
Upgrade: TLS/1.0, HTTP/1.1
Connection: upgrade
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 0
Content-Type: text/html

The missing Allow header is by-design (according to comments in http_core.c),
the missing Content-Type header is correct (no content delivered).

The missing Upgrade/Connection headers are incorrect, this is due to mod_ssl
adding the upgrade headers in the fixups; however fixups are not run for any
TRACE or OPTIONS * requests as they are bypassed in ap_process_request once
it determines that the core map_to_storage hook indicated that neither request
would reside in storage.

Moving this to post ReadReq hook in ssl_engine_kernel.c seems to fix this
quirk,
patch incoming.  An alternative place for such a non-storage fixup would be a 
run-first map_to_storage hook (this seems far less intuitive).

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 58688] Missing mod_ssl connection-level upgrade headers for OPTIONS * requests

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=58688

--- Comment #1 from William A. Rowe Jr. <wr...@apache.org> ---
Fixed in r1717816, proposed for backport.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 58688] Missing mod_ssl connection-level upgrade headers for OPTIONS * requests

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=58688

Christophe JAILLET <ch...@wanadoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Christophe JAILLET <ch...@wanadoo.fr> ---
Backported in 2.4.x in r1729873

This is part of 2.4.19.
CHANGES entry also added.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org