httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rpl...@apache.org
Subject svn commit: r307195 - in /httpd/httpd/trunk: CHANGES modules/proxy/ajp_header.c
Date Fri, 07 Oct 2005 21:05:06 GMT
Author: rpluem
Date: Fri Oct  7 14:05:01 2005
New Revision: 307195

URL: http://svn.apache.org/viewcvs?rev=307195&view=rev
Log:
* Fix PR36883 (mod_proxy_ajp and tomcat issues).

Submitted by: William Barker <william.barker wilshire.com>
Reviewed by: Ruediger Pluem

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/proxy/ajp_header.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=307195&r1=307194&r2=307195&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Oct  7 14:05:01 2005
@@ -24,6 +24,10 @@
 
 Changes with Apache 2.1.9
 
+  *) mod_proxy_ajp: mod_proxy_ajp sends empty SSL attributes for non SSL
+     connections. PR36883.
+     [William Barker <william.barker wilshire.com>, Ruediger Pluem]
+
   *) Elimiated the NET_TIME filter, restructuring the timeout logic.
      This provides a working mod_echo on all platforms, and ensures any
      custom protocol module is at least given an initial timeout value

Modified: httpd/httpd/trunk/modules/proxy/ajp_header.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/proxy/ajp_header.c?rev=307195&r1=307194&r2=307195&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/ajp_header.c (original)
+++ httpd/httpd/trunk/modules/proxy/ajp_header.c Fri Oct  7 14:05:01 2005
@@ -341,55 +341,62 @@
  *   SetEnv SSL_SESSION_ID CUSTOM_SSL_SESSION_ID
  * </Location>
  */
-    if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
-                                AJP13_SSL_CLIENT_CERT_INDICATOR))) {
-        if (ajp_msg_append_uint8(msg, SC_A_SSL_CERT) ||
-            ajp_msg_append_string(msg, envvar)) {
-            ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-                   "ajp_marshal_into_msgb: "
-                   "Error appending the SSL certificates");
-            return AJP_EOVERFLOW;
+    /*
+     * Only lookup SSL variables if we are currently running HTTPS.
+     * Furthermore ensure that only variables get set in the AJP message
+     * that are not NULL and not empty.
+     */
+    if (is_ssl) {
+        if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
+                                       AJP13_SSL_CLIENT_CERT_INDICATOR))
+            && envvar[0]) {
+            if (ajp_msg_append_uint8(msg, SC_A_SSL_CERT)
+                || ajp_msg_append_string(msg, envvar)) {
+                ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+                             "ajp_marshal_into_msgb: "
+                             "Error appending the SSL certificates");
+                return AJP_EOVERFLOW;
+            }
         }
-    }
 
-    if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
-                                AJP13_SSL_CIPHER_INDICATOR))) {
-        if (ajp_msg_append_uint8(msg, SC_A_SSL_CIPHER) ||
-            ajp_msg_append_string(msg, envvar)) {
-            ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-                   "ajp_marshal_into_msgb: "
-                   "Error appending the SSL ciphers");
-            return AJP_EOVERFLOW;
+        if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
+                                       AJP13_SSL_CIPHER_INDICATOR))
+            && envvar[0]) {
+            if (ajp_msg_append_uint8(msg, SC_A_SSL_CIPHER)
+                || ajp_msg_append_string(msg, envvar)) {
+                ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+                             "ajp_marshal_into_msgb: "
+                             "Error appending the SSL ciphers");
+                return AJP_EOVERFLOW;
+            }
         }
-    }
 
-    if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
-                                AJP13_SSL_SESSION_INDICATOR))) {
-        if (ajp_msg_append_uint8(msg, SC_A_SSL_SESSION) ||
-            ajp_msg_append_string(msg, envvar)) {
-            ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-                   "ajp_marshal_into_msgb: "
-                   "Error appending the SSL session");
-            return AJP_EOVERFLOW;
+        if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
+                                       AJP13_SSL_SESSION_INDICATOR))
+            && envvar[0]) {
+            if (ajp_msg_append_uint8(msg, SC_A_SSL_SESSION)
+                || ajp_msg_append_string(msg, envvar)) {
+                ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+                             "ajp_marshal_into_msgb: "
+                             "Error appending the SSL session");
+                return AJP_EOVERFLOW;
+            }
         }
-    }
 
-    /*
-     * ssl_key_size is required by Servlet 2.3 API
-     * added support only in ajp14 mode
-     * JFC removed: ae->proto == AJP14_PROTO
-     */
- /* XXXX ignored for the moment
-    if (s->ssl_key_size != -1) {
-        if (ajp_msg_append_uint8(msg, SC_A_SSL_KEY_SIZE) ||
-            ajp_msg_append_uint16(msg, (unsigned short) s->ssl_key_size)) {
-            ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-                   "Error ajp_marshal_into_msgb - "
-                   "Error appending the SSL key size");
-            return APR_EGENERAL;
+        /* ssl_key_size is required by Servlet 2.3 API */
+        if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
+                                       AJP13_SSL_KEY_SIZE_INDICATOR))
+            && envvar[0]) {
+
+            if (ajp_msg_append_uint8(msg, SC_A_SSL_KEY_SIZE)
+                || ajp_msg_append_uint16(msg, (unsigned short) atoi(envvar))) {
+                ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+                             "Error ajp_marshal_into_msgb - "
+                             "Error appending the SSL key size");
+                return APR_EGENERAL;
+            }
         }
     }
- */
     /* Use the environment vars prefixed with AJP_
      * and pass it to the header striping that prefix.
      */



Mime
View raw message