httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r1609914 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_kernel.c
Date Sat, 12 Jul 2014 13:26:43 GMT
Author: trawick
Date: Sat Jul 12 13:26:42 2014
New Revision: 1609914

URL: http://svn.apache.org/r1609914
Log:
Perform SNI checks only on the initial request.  In particular,
if these checks detect a problem, the checks shouldn't return an
error again when processing an ErrorDocument redirect for the
original problem.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1609914&r1=1609913&r2=1609914&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sat Jul 12 13:26:42 2014
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_ssl: Fix issue with redirects to error documents when handling
+     SNI errors.  [Jeff Trawick]
+
   *) mod_authnz_ldap: Return LDAP connections to the pool before the handler
      is run, instead of waiting until the end of the request. [Eric Covener]
 

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1609914&r1=1609913&r2=1609914&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Sat Jul 12 13:26:42 2014
@@ -164,7 +164,13 @@ int ssl_hook_ReadReq(request_rec *r)
         return DECLINED;
     }
 #ifdef HAVE_TLSEXT
-    if (r->proxyreq != PROXYREQ_PROXY) {
+    /*
+     * Perform SNI checks only on the initial request.  In particular,
+     * if these checks detect a problem, the checks shouldn't return an
+     * error again when processing an ErrorDocument redirect for the
+     * original problem.
+     */
+    if (r->proxyreq != PROXYREQ_PROXY && ap_is_initial_req(r)) {
         if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
             char *host, *scope_id;
             apr_port_t port;



Mime
View raw message