httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r1609936 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_kernel.c
Date Sat, 12 Jul 2014 14:48:05 GMT
Author: trawick
Date: Sat Jul 12 14:48:04 2014
New Revision: 1609936

URL: http://svn.apache.org/r1609936
Log:
Set an error note for requests rejected due to SSLStrictSNIVHostCheck.
This allows custom error documents to include the specific reason
for denying access to the server.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1609936&r1=1609935&r2=1609936&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sat Jul 12 14:48:04 2014
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_ssl: Set an error note for requests rejected due to
+     SSLStrictSNIVHostCheck.  [Jeff Trawick]
+
   *) mod_ssl: Fix issue with redirects to error documents when handling
      SNI errors.  [Jeff Trawick]
 

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1609936&r1=1609935&r2=1609936&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Sat Jul 12 14:48:04 2014
@@ -220,6 +220,10 @@ int ssl_hook_ReadReq(request_rec *r)
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02033)
                          "No hostname was provided via SNI for a name based"
                          " virtual host");
+            apr_table_setn(r->notes, "error-notes",
+                           "Reason: The client software did not provide a "
+                           "hostname using Server Name Indication (SNI), "
+                           "which is required to access this server.<br />\n");
             return HTTP_FORBIDDEN;
         }
     }



Mime
View raw message