You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2018/08/24 19:32:34 UTC
[Bug 62654] New: require ssl does not work for h2 protocol
https://bz.apache.org/bugzilla/show_bug.cgi?id=62654
Bug ID: 62654
Summary: require ssl does not work for h2 protocol
Product: Apache httpd-2
Version: 2.4.34
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_http2
Assignee: bugs@httpd.apache.org
Reporter: apache@pessoft.com
Target Milestone: ---
Hi,
When "Require ssl" directive is used on a resource and resource is accessed
using HTTP/2 protocol over SSL channel, the client is denied the access. When
"SSLRequireSSL" directive is used in such configuration instead "Require ssl",
the client can access the resource. "Require ssl" should not restrict the
access to the resource when HTTP/2 over SSL is used.
For example configuration with mod_ssl and mod_http2:
Protocols h2
<Directory /var/www/html/require>
require ssl
</Directory>
<Directory /var/www/html/sslrequire>
sslrequiressl
</Directory>
When client opens https://server.example.org/require/index.html
==> /var/log/httpd/ssl_error_log <==
[Fri Aug 24 19:25:22.500207 2018] [authz_core:error] [pid 632:tid
139848444245760] [client 127.0.0.1:42042] AH01630: client denied by server
configuration: /var/www/html/require/index.html
==> /var/log/httpd/ssl_access_log <==
127.0.0.1 - - [24/Aug/2018:19:25:22 +0000] "GET /require/index.html HTTP/2.0"
403 227
==> /var/log/httpd/ssl_request_log <==
[24/Aug/2018:19:25:22 +0000] 127.0.0.1 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET
/require/index.html HTTP/2.0" 227
When client opens https://server.example.org/require/index.html
==> /var/log/httpd/ssl_access_log <==
127.0.0.1 - - [24/Aug/2018:19:26:53 +0000] "GET /sslrequire/index.html
HTTP/2.0" 200 7
==> /var/log/httpd/ssl_request_log <==
[24/Aug/2018:19:26:53 +0000] 127.0.0.1 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET
/sslrequire/index.html HTTP/2.0" 7
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62654] require ssl does not work for h2 protocol
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62654
--- Comment #2 from Graham Leggett <mi...@apache.org> ---
Backported to v2.4.38.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62654] require ssl does not work for h2 protocol
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62654
Stefan Eissing <st...@eissing.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Stefan Eissing <st...@eissing.org> ---
Found the time to check this. You are correct. mod_ssl did, in this case, not
check correctly on HTTP/2 connections. I fixes this in r1846111 and will
propose this for backport to 2.4.x.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org