httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r1610327 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS modules/ssl/ssl_engine_kernel.c
Date Mon, 14 Jul 2014 00:24:33 GMT
Author: trawick
Date: Mon Jul 14 00:24:33 2014
New Revision: 1610327

URL: http://svn.apache.org/r1610327
Log:
Merge r1609936 from trunk:

mod_ssl: Set an error note for requests rejected due to
SSLStrictSNIVHostCheck

Submitted by: trawick
Reviewed by: minfrin, rjung

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1609936

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1610327&r1=1610326&r2=1610327&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Mon Jul 14 00:24:33 2014
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.10
 
+  *) mod_ssl: Set an error note for requests rejected due to
+     SSLStrictSNIVHostCheck.  [Jeff Trawick]
+
   *) mod_ssl: Fix issue with redirects to error documents when handling
      SNI errors.  [Jeff Trawick]
 

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1610327&r1=1610326&r2=1610327&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Mon Jul 14 00:24:33 2014
@@ -122,12 +122,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      ylavic: does not depend on r1572092 or r1572655 and al above,
              these proposals can be backported in any order.
 
-   * mod_ssl: Set an error note for requests rejected due to
-     SSLStrictSNIVHostCheck
-     trunk patch: http://svn.apache.org/r1609936
-     2.4.x patch: Trunk patch works modulo CHANGES.
-     +1: trawick, minfrin, rjung
-
    * core: Include any error notes set by modules in the canned error
      response for 403 errors.
      trunk patch: http://svn.apache.org/r1609938

Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c?rev=1610327&r1=1610326&r2=1610327&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c Mon Jul 14 00:24:33 2014
@@ -219,6 +219,10 @@ int ssl_hook_ReadReq(request_rec *r)
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02033)
                          "No hostname was provided via SNI for a name based"
                          " virtual host");
+            apr_table_setn(r->notes, "error-notes",
+                           "Reason: The client software did not provide a "
+                           "hostname using Server Name Indication (SNI), "
+                           "which is required to access this server.<br />\n");
             return HTTP_FORBIDDEN;
         }
     }



Mime
View raw message