Return-Path: 
 <cvs-return-24334-apmail-httpd-cvs-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-cvs-archive@www.apache.org
Received: (qmail 5988 invoked from network); 24 Jan 2006 22:44:09 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 24 Jan 2006 22:44:09 -0000
Received: (qmail 3316 invoked by uid 500); 24 Jan 2006 22:44:08 -0000
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 3282 invoked by uid 500); 24 Jan 2006 22:44:07 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:cvs-help@httpd.apache.org>
list-unsubscribe: <mailto:cvs-unsubscribe@httpd.apache.org>
List-Post: <mailto:cvs@httpd.apache.org>
List-Id: <cvs.httpd.apache.org>
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 3271 invoked by uid 99); 24 Jan 2006 22:44:07 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 24 Jan 2006 14:44:07 -0800
X-ASF-Spam-Status: No, hits=-9.4 required=10.0
	tests=ALL_TRUSTED,NO_REAL_NAME
X-Spam-Check-By: apache.org
Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194)
    by apache.org (qpsmtpd/0.29) with SMTP; Tue, 24 Jan 2006 14:44:06 -0800
Received: (qmail 5875 invoked by uid 65534); 24 Jan 2006 22:43:46 -0000
Message-ID: <20060124224346.5874.qmail@minotaur.apache.org>
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r372036 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS
 modules/ssl/mod_ssl.c modules/ssl/mod_ssl.h modules/ssl/ssl_engine_kernel.c
Date: Tue, 24 Jan 2006 22:43:45 -0000
To: cvs@httpd.apache.org
From: colm@apache.org
X-Mailer: svnmailer-1.0.5
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

Author: colm
Date: Tue Jan 24 14:43:38 2006
New Revision: 372036

URL: http://svn.apache.org/viewcvs?rev=372036&view=rev
Log:
merge r161958 from trunk:

Fix issue where mod_ssl does not pick up the ssl-unclean-shutdown
setting when configured e.g. as a reverse proxy:

* modules/ssl/ssl_private.h: Remove ssl_hook_Translate.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in
ssl_hook_Translate.  (ssl_hook_Translate): Remove.

* modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq
hook runs after mod_setenvif.c; don't register translate_name hook.

PR: 34452

Submitted by: jorton    

Modified:
    httpd/httpd/branches/2.0.x/CHANGES
    httpd/httpd/branches/2.0.x/STATUS
    httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.c
    httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.h
    httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=372036&r1=372035&r2=372036&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Tue Jan 24 14:43:38 2006
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.56
 
+  *) mod_ssl: Correct issue where mod_ssl does not pick up the 
+     ssl-unclean-shutdown setting when configured. PR 34452. [Joe Orton]
+
   *) Document the ReceiveBufferSize change done in r157583 [Murray
      Nesbitt <murray@cpan.org>]
 

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=372036&r1=372035&r2=372036&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Tue Jan 24 14:43:38 2006
@@ -133,15 +133,6 @@
          http://svn.apache.org/viewcvs?view=rev&rev=154319
        +1: stoddard, striker, wrowe (as corrected in subsequent patches)
 
-    *) mod_ssl: Fix issues picking up ssl-unclean-shutdown setting
-       for e.g. a reverse proxy config, breaking interop with MSIE
-       in some cases.
-       http://svn.apache.org/viewcvs?view=rev&rev=161958
-       rediffed for 2.0.x as:
-       http://issues.apache.org/bugzilla/attachment.cgi?id=14804
-       PR: 34452
-       +1: jorton, trawick, jim
-
     *) Block mod_cgid usage on Solaris 10 due to OS bugs.  PR 34264.
        http://svn.apache.org/viewcvs?view=rev&rev=264866
        +1: jerenkrantz, colm, jim

Modified: httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.c?rev=372036&r1=372035&r2=372036&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.c Tue Jan 24 14:43:38 2006
@@ -391,6 +391,10 @@
 
 static void ssl_register_hooks(apr_pool_t *p)
 {
+    /* ssl_hook_ReadReq needs to use the BrowserMatch settings so must
+     * run after mod_setenvif's post_read_request hook. */ 
+    static const char *pre_prr[] = { "mod_setenvif.c", NULL };
+
     ssl_io_filter_register(p);
 
     ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
@@ -399,12 +403,11 @@
     ap_hook_default_port  (ssl_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_pre_config    (ssl_hook_pre_config,    NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_child_init    (ssl_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_translate_name(ssl_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_check_user_id (ssl_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST);
     ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_access_checker(ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_auth_checker  (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_post_read_request(ssl_hook_ReadReq,    NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
 
     ssl_var_register();
 

Modified: httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.h?rev=372036&r1=372035&r2=372036&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.h (original)
+++ httpd/httpd/branches/2.0.x/modules/ssl/mod_ssl.h Tue Jan 24 14:43:38 2006
@@ -570,7 +570,6 @@
 apr_status_t ssl_init_ModuleKill(void *data);
 
 /*  Apache API hooks  */
-int          ssl_hook_Translate(request_rec *);
 int          ssl_hook_Auth(request_rec *);
 int          ssl_hook_UserCheck(request_rec *);
 int          ssl_hook_Access(request_rec *);

Modified: httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c?rev=372036&r1=372035&r2=372036&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c Tue Jan 24 14:43:38 2006
@@ -30,6 +30,8 @@
                                             -- Unknown                */
 #include "mod_ssl.h"
 
+static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
+
 /*
  *  Post Read Request Handler
  */
@@ -81,8 +83,31 @@
      * Get the SSL connection structure and perform the
      * delayed interlinking from SSL back to request_rec
      */
-    if ((ssl = sslconn->ssl)) {
-        SSL_set_app_data2(ssl, r);
+    ssl = sslconn->ssl;
+    if (!ssl) {
+        return DECLINED;
+    }
+    SSL_set_app_data2(ssl, r);
+
+    /*
+     * Log information about incoming HTTPS requests
+     */
+    if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
+        ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+                     "%s HTTPS request received for child %ld (server %s)",
+                     (r->connection->keepalives <= 0 ?
+                     "Initial (No.1)" :
+                     apr_psprintf(r->pool, "Subsequent (No.%d)",
+                                  r->connection->keepalives+1)),
+                     r->connection->id,
+                     ssl_util_vhostid(r->pool, r->server));
+    }
+
+    /* SetEnvIf ssl-*-shutdown flags can only be per-server,
+     * so they won't change across keepalive requests
+     */
+    if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
+        ssl_configure_env(r, sslconn);
     }
 
     return DECLINED;
@@ -123,41 +148,6 @@
             break;
         }
     }
-}
-
-/*
- *  URL Translation Handler
- */
-int ssl_hook_Translate(request_rec *r)
-{
-    SSLConnRec *sslconn = myConnConfig(r->connection);
-
-    if (!(sslconn && sslconn->ssl)) {
-        return DECLINED;
-    }
-
-    /*
-     * Log information about incoming HTTPS requests
-     */
-    if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
-        ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
-                     "%s HTTPS request received for child %ld (server %s)",
-                     (r->connection->keepalives <= 0 ?
-                     "Initial (No.1)" :
-                     apr_psprintf(r->pool, "Subsequent (No.%d)",
-                                  r->connection->keepalives+1)),
-                     r->connection->id,
-                     ssl_util_vhostid(r->pool, r->server));
-    }
-
-    /* SetEnvIf ssl-*-shutdown flags can only be per-server,
-     * so they won't change across keepalive requests
-     */
-    if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
-        ssl_configure_env(r, sslconn);
-    }
-
-    return DECLINED;
 }
 
 /*