You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2005/10/07 23:05:06 UTC
svn commit: r307195 - in /httpd/httpd/trunk: CHANGES
modules/proxy/ajp_header.c
Author: rpluem
Date: Fri Oct 7 14:05:01 2005
New Revision: 307195
URL: http://svn.apache.org/viewcvs?rev=307195&view=rev
Log:
* Fix PR36883 (mod_proxy_ajp and tomcat issues).
Submitted by: William Barker <william.barker wilshire.com>
Reviewed by: Ruediger Pluem
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/proxy/ajp_header.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=307195&r1=307194&r2=307195&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Oct 7 14:05:01 2005
@@ -24,6 +24,10 @@
Changes with Apache 2.1.9
+ *) mod_proxy_ajp: mod_proxy_ajp sends empty SSL attributes for non SSL
+ connections. PR36883.
+ [William Barker <william.barker wilshire.com>, Ruediger Pluem]
+
*) Elimiated the NET_TIME filter, restructuring the timeout logic.
This provides a working mod_echo on all platforms, and ensures any
custom protocol module is at least given an initial timeout value
Modified: httpd/httpd/trunk/modules/proxy/ajp_header.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/proxy/ajp_header.c?rev=307195&r1=307194&r2=307195&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/ajp_header.c (original)
+++ httpd/httpd/trunk/modules/proxy/ajp_header.c Fri Oct 7 14:05:01 2005
@@ -341,55 +341,62 @@
* SetEnv SSL_SESSION_ID CUSTOM_SSL_SESSION_ID
* </Location>
*/
- if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
- AJP13_SSL_CLIENT_CERT_INDICATOR))) {
- if (ajp_msg_append_uint8(msg, SC_A_SSL_CERT) ||
- ajp_msg_append_string(msg, envvar)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "ajp_marshal_into_msgb: "
- "Error appending the SSL certificates");
- return AJP_EOVERFLOW;
+ /*
+ * Only lookup SSL variables if we are currently running HTTPS.
+ * Furthermore ensure that only variables get set in the AJP message
+ * that are not NULL and not empty.
+ */
+ if (is_ssl) {
+ if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
+ AJP13_SSL_CLIENT_CERT_INDICATOR))
+ && envvar[0]) {
+ if (ajp_msg_append_uint8(msg, SC_A_SSL_CERT)
+ || ajp_msg_append_string(msg, envvar)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+ "ajp_marshal_into_msgb: "
+ "Error appending the SSL certificates");
+ return AJP_EOVERFLOW;
+ }
}
- }
- if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
- AJP13_SSL_CIPHER_INDICATOR))) {
- if (ajp_msg_append_uint8(msg, SC_A_SSL_CIPHER) ||
- ajp_msg_append_string(msg, envvar)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "ajp_marshal_into_msgb: "
- "Error appending the SSL ciphers");
- return AJP_EOVERFLOW;
+ if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
+ AJP13_SSL_CIPHER_INDICATOR))
+ && envvar[0]) {
+ if (ajp_msg_append_uint8(msg, SC_A_SSL_CIPHER)
+ || ajp_msg_append_string(msg, envvar)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+ "ajp_marshal_into_msgb: "
+ "Error appending the SSL ciphers");
+ return AJP_EOVERFLOW;
+ }
}
- }
- if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
- AJP13_SSL_SESSION_INDICATOR))) {
- if (ajp_msg_append_uint8(msg, SC_A_SSL_SESSION) ||
- ajp_msg_append_string(msg, envvar)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "ajp_marshal_into_msgb: "
- "Error appending the SSL session");
- return AJP_EOVERFLOW;
+ if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
+ AJP13_SSL_SESSION_INDICATOR))
+ && envvar[0]) {
+ if (ajp_msg_append_uint8(msg, SC_A_SSL_SESSION)
+ || ajp_msg_append_string(msg, envvar)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+ "ajp_marshal_into_msgb: "
+ "Error appending the SSL session");
+ return AJP_EOVERFLOW;
+ }
}
- }
- /*
- * ssl_key_size is required by Servlet 2.3 API
- * added support only in ajp14 mode
- * JFC removed: ae->proto == AJP14_PROTO
- */
- /* XXXX ignored for the moment
- if (s->ssl_key_size != -1) {
- if (ajp_msg_append_uint8(msg, SC_A_SSL_KEY_SIZE) ||
- ajp_msg_append_uint16(msg, (unsigned short) s->ssl_key_size)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "Error ajp_marshal_into_msgb - "
- "Error appending the SSL key size");
- return APR_EGENERAL;
+ /* ssl_key_size is required by Servlet 2.3 API */
+ if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
+ AJP13_SSL_KEY_SIZE_INDICATOR))
+ && envvar[0]) {
+
+ if (ajp_msg_append_uint8(msg, SC_A_SSL_KEY_SIZE)
+ || ajp_msg_append_uint16(msg, (unsigned short) atoi(envvar))) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+ "Error ajp_marshal_into_msgb - "
+ "Error appending the SSL key size");
+ return APR_EGENERAL;
+ }
}
}
- */
/* Use the environment vars prefixed with AJP_
* and pass it to the header striping that prefix.
*/