You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2006/01/24 23:43:45 UTC
svn commit: r372036 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS
modules/ssl/mod_ssl.c modules/ssl/mod_ssl.h modules/ssl/ssl_engine_kernel.c
Author: colm
Date: Tue Jan 24 14:43:38 2006
New Revision: 372036
URL: http://svn.apache.org/viewcvs?rev=372036&view=rev
Log:
merge r161958 from trunk:
Fix issue where mod_ssl does not pick up the ssl-unclean-shutdown
setting when configured e.g. as a reverse proxy:
* modules/ssl/ssl_private.h: Remove ssl_hook_Translate.
* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in
ssl_hook_Translate. (ssl_hook_Translate): Remove.
* modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq
hook runs after mod_setenvif.c; don't register translate_name hook.
PR: 34452
Submitted by: jorton
Modified:
httpd/httpd/branches/2.0.x/CHANGES
httpd/httpd/branches/2.0.x/STATUS
httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.c
httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.h
httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c
Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=372036&r1=372035&r2=372036&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Tue Jan 24 14:43:38 2006
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.0.56
+ *) mod_ssl: Correct issue where mod_ssl does not pick up the
+ ssl-unclean-shutdown setting when configured. PR 34452. [Joe Orton]
+
*) Document the ReceiveBufferSize change done in r157583 [Murray
Nesbitt <mu...@cpan.org>]
Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=372036&r1=372035&r2=372036&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Tue Jan 24 14:43:38 2006
@@ -133,15 +133,6 @@
http://svn.apache.org/viewcvs?view=rev&rev=154319
+1: stoddard, striker, wrowe (as corrected in subsequent patches)
- *) mod_ssl: Fix issues picking up ssl-unclean-shutdown setting
- for e.g. a reverse proxy config, breaking interop with MSIE
- in some cases.
- http://svn.apache.org/viewcvs?view=rev&rev=161958
- rediffed for 2.0.x as:
- http://issues.apache.org/bugzilla/attachment.cgi?id=14804
- PR: 34452
- +1: jorton, trawick, jim
-
*) Block mod_cgid usage on Solaris 10 due to OS bugs. PR 34264.
http://svn.apache.org/viewcvs?view=rev&rev=264866
+1: jerenkrantz, colm, jim
Modified: httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.c?rev=372036&r1=372035&r2=372036&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.c Tue Jan 24 14:43:38 2006
@@ -391,6 +391,10 @@
static void ssl_register_hooks(apr_pool_t *p)
{
+ /* ssl_hook_ReadReq needs to use the BrowserMatch settings so must
+ * run after mod_setenvif's post_read_request hook. */
+ static const char *pre_prr[] = { "mod_setenvif.c", NULL };
+
ssl_io_filter_register(p);
ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
@@ -399,12 +403,11 @@
ap_hook_default_port (ssl_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_pre_config (ssl_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_child_init (ssl_init_Child, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_translate_name(ssl_hook_Translate, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_check_user_id (ssl_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST);
ap_hook_fixups (ssl_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
ssl_var_register();
Modified: httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.h?rev=372036&r1=372035&r2=372036&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.h (original)
+++ httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.h Tue Jan 24 14:43:38 2006
@@ -570,7 +570,6 @@
apr_status_t ssl_init_ModuleKill(void *data);
/* Apache API hooks */
-int ssl_hook_Translate(request_rec *);
int ssl_hook_Auth(request_rec *);
int ssl_hook_UserCheck(request_rec *);
int ssl_hook_Access(request_rec *);
Modified: httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c?rev=372036&r1=372035&r2=372036&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c Tue Jan 24 14:43:38 2006
@@ -30,6 +30,8 @@
-- Unknown */
#include "mod_ssl.h"
+static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
+
/*
* Post Read Request Handler
*/
@@ -81,8 +83,31 @@
* Get the SSL connection structure and perform the
* delayed interlinking from SSL back to request_rec
*/
- if ((ssl = sslconn->ssl)) {
- SSL_set_app_data2(ssl, r);
+ ssl = sslconn->ssl;
+ if (!ssl) {
+ return DECLINED;
+ }
+ SSL_set_app_data2(ssl, r);
+
+ /*
+ * Log information about incoming HTTPS requests
+ */
+ if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+ "%s HTTPS request received for child %ld (server %s)",
+ (r->connection->keepalives <= 0 ?
+ "Initial (No.1)" :
+ apr_psprintf(r->pool, "Subsequent (No.%d)",
+ r->connection->keepalives+1)),
+ r->connection->id,
+ ssl_util_vhostid(r->pool, r->server));
+ }
+
+ /* SetEnvIf ssl-*-shutdown flags can only be per-server,
+ * so they won't change across keepalive requests
+ */
+ if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
+ ssl_configure_env(r, sslconn);
}
return DECLINED;
@@ -123,41 +148,6 @@
break;
}
}
-}
-
-/*
- * URL Translation Handler
- */
-int ssl_hook_Translate(request_rec *r)
-{
- SSLConnRec *sslconn = myConnConfig(r->connection);
-
- if (!(sslconn && sslconn->ssl)) {
- return DECLINED;
- }
-
- /*
- * Log information about incoming HTTPS requests
- */
- if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
- "%s HTTPS request received for child %ld (server %s)",
- (r->connection->keepalives <= 0 ?
- "Initial (No.1)" :
- apr_psprintf(r->pool, "Subsequent (No.%d)",
- r->connection->keepalives+1)),
- r->connection->id,
- ssl_util_vhostid(r->pool, r->server));
- }
-
- /* SetEnvIf ssl-*-shutdown flags can only be per-server,
- * so they won't change across keepalive requests
- */
- if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
- ssl_configure_env(r, sslconn);
- }
-
- return DECLINED;
}
/*