Return-Path: 
 <cvs-return-32059-apmail-httpd-cvs-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-cvs-archive@www.apache.org
Received: (qmail 1620 invoked from network); 31 Jan 2009 21:17:22 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 31 Jan 2009 21:17:22 -0000
Received: (qmail 46960 invoked by uid 500); 31 Jan 2009 21:17:21 -0000
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 46914 invoked by uid 500); 31 Jan 2009 21:17:21 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:cvs-help@httpd.apache.org>
list-unsubscribe: <mailto:cvs-unsubscribe@httpd.apache.org>
List-Post: <mailto:cvs@httpd.apache.org>
List-Id: <cvs.httpd.apache.org>
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 46905 invoked by uid 99); 31 Jan 2009 21:17:21 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 31 Jan 2009 13:17:21 -0800
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 31 Jan 2009 21:17:12 +0000
Received: by eris.apache.org (Postfix, from userid 65534)
	id 203EA2388979; Sat, 31 Jan 2009 21:16:52 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r739620 - /httpd/httpd/trunk/server/core.c
Date: Sat, 31 Jan 2009 21:16:51 -0000
To: cvs@httpd.apache.org
From: covener@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20090131211652.203EA2388979@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: covener
Date: Sat Jan 31 21:16:51 2009
New Revision: 739620

URL: http://svn.apache.org/viewvc?rev=739620&view=rev
Log:
Provide a hint when we see what looks like an SSL record when we're
expecting a plain-text request line.

Submitted by: Dan Poirer <poirier pobox.com>
Reviwed by: covener


Modified:
    httpd/httpd/trunk/server/core.c

Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=739620&r1=739619&r2=739620&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Sat Jan 31 21:16:51 2009
@@ -3673,8 +3673,19 @@
     }
     else {              /* unusual method (not GET or POST) */
         if (r->method_number == M_INVALID) {
-            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          "Invalid method in request %s", r->the_request);
+            /* See if this looks like an undecrypted SSL handshake attempt.
+             * It's safe to look a couple bytes into the_request if it exists, as it's
+             * always allocated at least MIN_LINE_ALLOC (80) bytes.
+             */
+            if (r->the_request
+                && r->the_request[0] == 0x16                                
+                && (r->the_request[1] == 0x2 || r->the_request[1] == 0x3)) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "Invalid method in request %s - possible attempt to establish SSL connection on non-SSL port", r->the_request);
+            } else {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "Invalid method in request %s", r->the_request);
+            }
             return HTTP_NOT_IMPLEMENTED;
         }