You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ic...@apache.org on 2019/03/12 09:21:17 UTC
svn commit: r1855295 - in /httpd/httpd/trunk: CHANGES
modules/http2/h2_headers.c
Author: icing
Date: Tue Mar 12 09:21:17 2019
New Revision: 1855295
URL: http://svn.apache.org/viewvc?rev=1855295&view=rev
Log:
*) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.
Fixed. [Michael Kaufmann]
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/http2/h2_headers.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1855295&r1=1855294&r2=1855295&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Mar 12 09:21:17 2019
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
+ in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.
+ Fixed. [Michael Kaufmann]
+
*) mod_http2: new configuration directive: ```H2Padding numbits``` to control
padding of HTTP/2 payload frames. 'numbits' is a number from 0-8,
controlling the range of padding bytes added to a frame. The actual number
Modified: httpd/httpd/trunk/modules/http2/h2_headers.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_headers.c?rev=1855295&r1=1855294&r2=1855295&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/h2_headers.c (original)
+++ httpd/httpd/trunk/modules/http2/h2_headers.c Tue Mar 12 09:21:17 2019
@@ -129,16 +129,20 @@ h2_headers *h2_headers_rcreate(request_r
{
h2_headers *headers = h2_headers_create(status, header, r->notes, 0, pool);
if (headers->status == HTTP_FORBIDDEN) {
- const char *cause = apr_table_get(r->notes, "ssl-renegotiate-forbidden");
- if (cause) {
- /* This request triggered a TLS renegotiation that is now allowed
- * in HTTP/2. Tell the client that it should use HTTP/1.1 for this.
- */
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, headers->status, r,
- APLOGNO(03061)
- "h2_headers(%ld): renegotiate forbidden, cause: %s",
- (long)r->connection->id, cause);
- headers->status = H2_ERR_HTTP_1_1_REQUIRED;
+ request_rec *r_prev;
+ for (r_prev = r; r_prev != NULL; r_prev = r_prev->prev) {
+ const char *cause = apr_table_get(r_prev->notes, "ssl-renegotiate-forbidden");
+ if (cause) {
+ /* This request triggered a TLS renegotiation that is not allowed
+ * in HTTP/2. Tell the client that it should use HTTP/1.1 for this.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, headers->status, r,
+ APLOGNO(03061)
+ "h2_headers(%ld): renegotiate forbidden, cause: %s",
+ (long)r->connection->id, cause);
+ headers->status = H2_ERR_HTTP_1_1_REQUIRED;
+ break;
+ }
}
}
if (is_unsafe(r->server)) {