Posted to cvs@httpd.apache.org by do...@apache.org on 2002/04/07 05:37:35 UTC
cvs commit: httpd-2.0/modules/ssl mod_ssl.c mod_ssl.h
dougm 02/04/06 19:37:35
Modified: . CHANGES
modules/proxy mod_proxy.c mod_proxy.h proxy_http.c
modules/ssl mod_ssl.c mod_ssl.h
Log:
fix ProxyPass when frontend is https and backend is http
Revision Changes Path
1.688 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.687
retrieving revision 1.688
diff -u -r1.687 -r1.688
--- CHANGES 5 Apr 2002 22:17:34 -0000 1.687
+++ CHANGES 7 Apr 2002 03:37:34 -0000 1.688
@@ -1,5 +1,8 @@
Changes with Apache 2.0.36
+ *) fix ProxyPass when frontend is https and backend is http
+ [Doug MacEachern]
+
Changes with Apache 2.0.35
*) mod_rewrite: updated to use the new APR global mutex type.
1.80 +12 -0 httpd-2.0/modules/proxy/mod_proxy.c
Index: mod_proxy.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/proxy/mod_proxy.c,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -r1.79 -r1.80
--- mod_proxy.c 1 Apr 2002 02:39:31 -0000 1.79
+++ mod_proxy.c 7 Apr 2002 03:37:35 -0000 1.80
@@ -1048,8 +1048,10 @@
};
APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
static APR_OPTIONAL_FN_TYPE(ssl_proxy_enable) *proxy_ssl_enable = NULL;
+static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *proxy_ssl_disable = NULL;
PROXY_DECLARE(int) ap_proxy_ssl_enable(conn_rec *c)
{
@@ -1064,10 +1066,20 @@
return 0;
}
+PROXY_DECLARE(int) ap_proxy_ssl_disable(conn_rec *c)
+{
+ if (proxy_ssl_disable) {
+ return proxy_ssl_disable(c);
+ }
+
+ return 0;
+}
+
static int proxy_post_config(apr_pool_t *pconf, apr_pool_t *plog,
apr_pool_t *ptemp, server_rec *s)
{
proxy_ssl_enable = APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable);
+ proxy_ssl_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);
return OK;
}
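Review bot: `ap_proxy_ssl_disable()` has no comment stating its return contract, and 0 means something different here than for its sibling. The caller in proxy_http.c treats 0 from `ap_proxy_ssl_enable()` as a failure, whereas this wrapper returns 0 when mod_ssl never registered `ssl_engine_disable`, and `ssl_engine_disable()` itself returns 0 when SSL is not enabled for the base server. In both of those cases there was nothing to disable. I would add above the function `/* Returns 1 if mod_ssl marked c as non-SSL; 0 means mod_ssl is not loaded or SSL is off for c->base_server, which is not an error. */` so later callers do not copy the enable-side error handling.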
1.79 +1 -0 httpd-2.0/modules/proxy/mod_proxy.h
Index: mod_proxy.h
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/proxy/mod_proxy.h,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- mod_proxy.h 2 Apr 2002 04:30:49 -0000 1.78
+++ mod_proxy.h 7 Apr 2002 03:37:35 -0000 1.79
@@ -274,5 +274,6 @@
PROXY_DECLARE(void) ap_proxy_table_unmerge(apr_pool_t *p, apr_table_t *t, char *key);
PROXY_DECLARE(int) ap_proxy_connect_to_backend(apr_socket_t **, const char *, apr_sockaddr_t *, const char *, proxy_server_conf *, server_rec *, apr_pool_t *);
PROXY_DECLARE(int) ap_proxy_ssl_enable(conn_rec *c);
+PROXY_DECLARE(int) ap_proxy_ssl_disable(conn_rec *c);
#endif /*MOD_PROXY_H*/
1.145 +10 -5 httpd-2.0/modules/proxy/proxy_http.c
Index: proxy_http.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/proxy/proxy_http.c,v
retrieving revision 1.144
retrieving revision 1.145
diff -u -r1.144 -r1.145
--- proxy_http.c 5 Apr 2002 18:08:07 -0000 1.144
+++ proxy_http.c 7 Apr 2002 03:37:35 -0000 1.145
@@ -389,11 +389,16 @@
backend->hostname = apr_pstrdup(c->pool, p_conn->name);
backend->port = p_conn->port;
- if (backend->is_ssl && !ap_proxy_ssl_enable(backend->connection)) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
- r->server, "proxy: failed to enable ssl support "
- "for %pI (%s)", p_conn->addr, p_conn->name);
- return HTTP_INTERNAL_SERVER_ERROR;
+ if (backend->is_ssl) {
+ if (!ap_proxy_ssl_enable(backend->connection)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ r->server, "proxy: failed to enable ssl support "
+ "for %pI (%s)", p_conn->addr, p_conn->name);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ }
+ else {
+ ap_proxy_ssl_disable(backend->connection);
}
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
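Review bot: The new `else` branch has no comment explaining why a plain-http backend needs SSL switched off explicitly. The reason is only visible in mod_ssl.c, where the decision is keyed on `c->base_server`, which can be an SSL-enabled frontend host. I would add `/* frontend vhost may have SSL on; keep mod_ssl off this plain-http backend connection */` above the call. The flag is only consulted by the check this commit adds in mod_ssl.c, so the call is effective only if it runs before that check is reached for `backend->connection`. Where the connection hooks run is outside this hunk, so that ordering should be confirmed and stated in the comment. The enclosing function starts and ends outside the hunk.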
1.63 +23 -0 httpd-2.0/modules/ssl/mod_ssl.c
Index: mod_ssl.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -r1.62 -r1.63
--- mod_ssl.c 2 Apr 2002 17:30:08 -0000 1.62
+++ mod_ssl.c 7 Apr 2002 03:37:35 -0000 1.63
@@ -252,6 +252,24 @@
}
sslconn->is_proxy = 1;
+ sslconn->disabled = 0;
+
+ return 1;
+}
+
+int ssl_engine_disable(conn_rec *c)
+{
+ SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
+
+ SSLConnRec *sslconn;
+
+ if (!sc->enabled) {
+ return 0;
+ }
+
+ sslconn = ssl_init_connection_ctx(c);
+
+ sslconn->disabled = 1;
return 1;
}
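Review bot: `ssl_engine_disable()` is exported as an optional function but nothing in its body limits it to outgoing proxy connections. It sets `sslconn->disabled = 1` for any `conn_rec` whose base server has SSL enabled, so any module that retrieves it can take TLS off a connection if it calls early enough. At minimum the intended use should be documented on the function, for example `/* For proxy backend connections only: marks c so SSL setup is skipped. Must be called before SSL is initialised on c. Returns 0 if SSL is not enabled for c->base_server. */`. It is also worth noting that `ssl_proxy_enable()` now resets `disabled`, while this function leaves `is_proxy` untouched, so the two flags are not kept mutually exclusive. The start of `ssl_proxy_enable()` is outside the hunk.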
@@ -279,6 +297,10 @@
sslconn = ssl_init_connection_ctx(c);
}
+ if (sslconn->disabled) {
+ return DECLINED;
+ }
+
sslconn->log_level = sc->log_level;
/*
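Review bot: The early `return DECLINED` on `sslconn->disabled` leaves no trace in the log, so on an SSL-enabled server an operator cannot tell from the logs that a connection skipped TLS setup. A debug-level line before the return would make that auditable, e.g. `ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, c->base_server, "SSL disabled for this connection");`. A short comment such as `/* set via ssl_engine_disable(), e.g. http backend behind an https frontend */` would also explain why an SSL host declines here. The enclosing function starts and ends outside the hunk.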
@@ -560,6 +582,7 @@
ssl_var_register();
APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
+ APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
}
module AP_MODULE_DECLARE_DATA ssl_module = {
1.113 +4 -0 httpd-2.0/modules/ssl/mod_ssl.h
Index: mod_ssl.h
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -r1.112 -r1.113
--- mod_ssl.h 30 Mar 2002 06:46:24 -0000 1.112
+++ mod_ssl.h 7 Apr 2002 03:37:35 -0000 1.113
@@ -432,6 +432,7 @@
int verify_depth;
int log_level; /* for avoiding expensive logging */
int is_proxy;
+ int disabled;
} SSLConnRec;
#define SSLConnLogApplies(sslconn, level) (sslconn->log_level >= level)
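Review bot: The new `disabled` field in `SSLConnRec` is added without a comment, although it controls whether SSL is set up at all for the connection. I would document it in place, `int disabled; /* set by ssl_engine_disable(): skip SSL setup for this connection */`, so it is not mistaken for a reflection of the server-level `enabled` setting.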
@@ -722,8 +723,11 @@
/* Proxy Support */
int ssl_proxy_enable(conn_rec *c);
+int ssl_engine_disable(conn_rec *c);
APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
+
+APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
/* I/O */
void ssl_io_filter_init(conn_rec *, SSL *);