You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rj...@apache.org on 2019/05/17 13:20:16 UTC
svn commit: r1859435 - in /httpd/test/framework/trunk/t:
conf/ssl/proxyssl.conf.in ssl/proxy.t
Author: rjung
Date: Fri May 17 13:20:16 2019
New Revision: 1859435
URL: http://svn.apache.org/viewvc?rev=1859435&view=rev
Log:
Add two proxy VHosts, that forward via https and
use SSLProxyMachine* directives inside <Proxy>
containers.
Such use was broken as a regression in 2.4.39
but should be fixed soon via backports of
PR 63430.
Modified:
httpd/test/framework/trunk/t/conf/ssl/proxyssl.conf.in
httpd/test/framework/trunk/t/ssl/proxy.t
Modified: httpd/test/framework/trunk/t/conf/ssl/proxyssl.conf.in
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/ssl/proxyssl.conf.in?rev=1859435&r1=1859434&r2=1859435&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/conf/ssl/proxyssl.conf.in (original)
+++ httpd/test/framework/trunk/t/conf/ssl/proxyssl.conf.in Fri May 17 13:20:16 2019
@@ -53,6 +53,64 @@
ProxyPassReverse / https://@proxyssl_url@/
</VirtualHost>
+ #here we can test http <-> https using SSLProxyMachine* inside <Proxy>
+ <VirtualHost proxy_http_https_proxy_section>
+ #these are not on by default in the 1.x based mod_ssl
+ <IfDefine APACHE2>
+ SSLProxyEngine On
+
+ SSLProxyProtocol All
+ SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+ SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt
+ SSLProxyCACertificatePath @ServerRoot@/conf/ssl
+ SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
+ <IfVersion >= 2.3.15>
+ SSLProxyCARevocationCheck chain
+ </IfVersion>
+ SSLProxyVerify on
+ SSLProxyVerifyDepth 10
+ </IfDefine>
+
+
+ ProxyPass / https://@proxyssl_url@/
+ ProxyPassReverse / https://@proxyssl_url@/
+ <IfDefine APACHE2>
+ <Proxy https://@proxyssl_url@>
+ SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem
+ #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy
+ </Proxy>
+ </IfDefine>
+ </VirtualHost>
+
+
+ #here we can test https <-> https using SSLProxyMachine* inside <Proxy>
+ <VirtualHost proxy_https_https_proxy_section>
+ SSLEngine on
+
+ #these are not on by default in the 1.x based mod_ssl
+ <IfDefine APACHE2>
+ SSLProxyEngine On
+ SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt
+ SSLProxyVerify on
+ SSLProxyCARevocationPath @SSLCA@/asf/crl
+ <IfVersion >= 2.3.15>
+ SSLProxyCARevocationCheck chain
+ </IfVersion>
+ </IfDefine>
+
+
+ ProxyPass / https://@proxyssl_url@/
+ ProxyPassReverse / https://@proxyssl_url@/
+ <IfDefine APACHE2>
+ <Proxy https://@proxyssl_url@>
+ # ensure that client_ok.pem is picked first:
+ SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem
+ SSLProxyMachineCertificatePath @SSLCA@/asf/proxy
+ </Proxy>
+ </IfDefine>
+ </VirtualHost>
+
#here we can test https <-> http
<VirtualHost proxy_https_http>
SSLEngine on
Modified: httpd/test/framework/trunk/t/ssl/proxy.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/proxy.t?rev=1859435&r1=1859434&r2=1859435&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/ssl/proxy.t (original)
+++ httpd/test/framework/trunk/t/ssl/proxy.t Fri May 17 13:20:16 2019
@@ -7,14 +7,18 @@ use Apache::TestUtil;
use Apache::TestCommon ();
my %frontend = (
- proxy_http_https => 'http',
- proxy_https_https => 'https',
- proxy_https_http => 'https',
+ proxy_http_https => 'http',
+ proxy_https_https => 'https',
+ proxy_https_http => 'https',
+ proxy_http_https_proxy_section => 'http',
+ proxy_https_https_proxy_section => 'https',
);
my %backend = (
- proxy_http_https => 'https',
- proxy_https_https => 'https',
- proxy_https_http => 'http',
+ proxy_http_https => 'https',
+ proxy_https_https => 'https',
+ proxy_https_http => 'http',
+ proxy_http_https_proxy_section => 'https',
+ proxy_https_https_proxy_section => 'https',
);
my $num_modules = scalar keys %frontend;