Return-Path: 
 <cvs-return-55227-apmail-httpd-cvs-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-cvs-archive@www.apache.org
Delivered-To: apmail-httpd-cvs-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id EBF3718F26
	for <apmail-httpd-cvs-archive@www.apache.org>;
 Wed, 18 Nov 2015 17:15:28 +0000 (UTC)
Received: (qmail 25875 invoked by uid 500); 18 Nov 2015 17:15:28 -0000
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 25794 invoked by uid 500); 18 Nov 2015 17:15:28 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:cvs-help@httpd.apache.org>
list-unsubscribe: <mailto:cvs-unsubscribe@httpd.apache.org>
List-Post: <mailto:cvs@httpd.apache.org>
List-Id: <cvs.httpd.apache.org>
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 25784 invoked by uid 99); 18 Nov 2015 17:15:28 -0000
Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Nov 2015 17:15:28 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org)
 with ESMTP id 5DF9E1801DA
	for <cvs@httpd.apache.org>; Wed, 18 Nov 2015 17:15:28 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.79
X-Spam-Level: *
X-Spam-Status: No, score=1.79 tagged_above=-999 required=6.31
	tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1,
	T_RP_MATCHES_RCVD=-0.01] autolearn=disabled
Received: from mx1-eu-west.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new,
 port 10024)
	with ESMTP id 8Waa6vUHIw2b for <cvs@httpd.apache.org>;
	Wed, 18 Nov 2015 17:15:27 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org
 [209.188.14.139])
	by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with
 ESMTP id 58F2621195
	for <cvs@httpd.apache.org>; Wed, 18 Nov 2015 17:15:26 +0000 (UTC)
Received: from svn01-us-west.apache.org (svn.apache.org [10.41.0.6])
	by mailrelay1-us-west.apache.org (ASF Mail Server at
 mailrelay1-us-west.apache.org) with ESMTP id 3AA7EE03E8
	for <cvs@httpd.apache.org>; Wed, 18 Nov 2015 17:15:25 +0000 (UTC)
Received: from svn01-us-west.apache.org (localhost [127.0.0.1])
	by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org)
 with ESMTP id 37C983A046F
	for <cvs@httpd.apache.org>; Wed, 18 Nov 2015 17:15:25 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1715023 - in /httpd/httpd/trunk/modules/ssl:
 ssl_engine_io.c
 ssl_private.h
Date: Wed, 18 Nov 2015 17:15:25 -0000
To: cvs@httpd.apache.org
From: ylavic@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20151118171525.37C983A046F@svn01-us-west.apache.org>

Author: ylavic
Date: Wed Nov 18 17:15:24 2015
New Revision: 1715023

URL: http://svn.apache.org/viewvc?rev=1715023&view=rev
Log:
mod_ssl: follow up to r1709602.
Fix "HTTP spoken on HTTPS port" broken by the SSL handshake trigger moved to
process_connection hook (r1709602) along with H2Direct speculative read.

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
    httpd/httpd/trunk/modules/ssl/ssl_private.h

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_io.c?rev=1715023&r1=1715022&r2=1715023&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_io.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_io.c Wed Nov 18 17:15:24 2015
@@ -917,7 +917,8 @@ static void ssl_io_filter_disable(SSLCon
 
 static apr_status_t ssl_io_filter_error(ap_filter_t *f,
                                         apr_bucket_brigade *bb,
-                                        apr_status_t status)
+                                        apr_status_t status,
+                                        int is_init)
 {
     SSLConnRec *sslconn = myConnConfig(f->c);
     apr_bucket *bucket;
@@ -931,8 +932,13 @@ static apr_status_t ssl_io_filter_error(
                          "trying to send HTML error page");
             ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, sslconn->server);
 
-            sslconn->non_ssl_request = NON_SSL_SEND_HDR_SEP;
             ssl_io_filter_disable(sslconn, f);
+            f->c->keepalive = AP_CONN_CLOSE;
+            if (is_init) {
+                sslconn->non_ssl_request = NON_SSL_SEND_REQLINE;
+                return APR_EGENERAL;
+            }
+            sslconn->non_ssl_request = NON_SSL_SEND_HDR_SEP;
 
             /* fake the request line */
             bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
@@ -1401,11 +1407,22 @@ static apr_status_t ssl_io_filter_input(
     }
 
     if (!inctx->ssl) {
+        apr_bucket *bucket;
         SSLConnRec *sslconn = myConnConfig(f->c);
+        if (sslconn->non_ssl_request == NON_SSL_SEND_REQLINE) {
+            bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
+            APR_BRIGADE_INSERT_TAIL(bb, bucket);
+            if (mode != AP_MODE_SPECULATIVE) {
+                sslconn->non_ssl_request = NON_SSL_SEND_HDR_SEP;
+            }
+            return APR_SUCCESS;
+        }
         if (sslconn->non_ssl_request == NON_SSL_SEND_HDR_SEP) {
-            apr_bucket *bucket = apr_bucket_immortal_create(CRLF, 2, f->c->bucket_alloc);
+            bucket = apr_bucket_immortal_create(CRLF, 2, f->c->bucket_alloc);
             APR_BRIGADE_INSERT_TAIL(bb, bucket);
-            sslconn->non_ssl_request = NON_SSL_SET_ERROR_MSG;
+            if (mode != AP_MODE_SPECULATIVE) {
+                sslconn->non_ssl_request = NON_SSL_SET_ERROR_MSG;
+            }
             return APR_SUCCESS;
         }
         return ap_get_brigade(f->next, bb, mode, block, readbytes);
@@ -1426,7 +1443,7 @@ static apr_status_t ssl_io_filter_input(
      * rather than have SSLEngine On configured.
      */
     if ((status = ssl_io_filter_handshake(inctx->filter_ctx)) != APR_SUCCESS) {
-        return ssl_io_filter_error(f, bb, status);
+        return ssl_io_filter_error(f, bb, status, is_init);
     }
 
     if (is_init) {
@@ -1480,7 +1497,7 @@ static apr_status_t ssl_io_filter_input(
 
     /* Handle custom errors. */
     if (status != APR_SUCCESS) {
-        return ssl_io_filter_error(f, bb, status);
+        return ssl_io_filter_error(f, bb, status, 0);
     }
 
     /* Create a transient bucket out of the decrypted data. */
@@ -1670,7 +1687,7 @@ static apr_status_t ssl_io_filter_output
     inctx->block = APR_BLOCK_READ;
 
     if ((status = ssl_io_filter_handshake(filter_ctx)) != APR_SUCCESS) {
-        return ssl_io_filter_error(f, bb, status);
+        return ssl_io_filter_error(f, bb, status, 0);
     }
 
     while (!APR_BRIGADE_EMPTY(bb) && status == APR_SUCCESS) {

Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1715023&r1=1715022&r2=1715023&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Wed Nov 18 17:15:24 2015
@@ -432,6 +432,7 @@ typedef struct {
     int disabled;
     enum {
         NON_SSL_OK = 0,        /* is SSL request, or error handling completed */
+        NON_SSL_SEND_REQLINE,  /* Need to send the fake request line */
         NON_SSL_SEND_HDR_SEP,  /* Need to send the header separator */
         NON_SSL_SET_ERROR_MSG  /* Need to set the error message */
     } non_ssl_request;