Return-Path: 
 <cvs-return-55352-apmail-httpd-cvs-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-cvs-archive@www.apache.org
Delivered-To: apmail-httpd-cvs-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 11CE9181AD
	for <apmail-httpd-cvs-archive@www.apache.org>;
 Thu,  3 Dec 2015 17:33:09 +0000 (UTC)
Received: (qmail 78206 invoked by uid 500); 3 Dec 2015 17:33:08 -0000
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 78133 invoked by uid 500); 3 Dec 2015 17:33:08 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:cvs-help@httpd.apache.org>
list-unsubscribe: <mailto:cvs-unsubscribe@httpd.apache.org>
List-Post: <mailto:cvs@httpd.apache.org>
List-Id: <cvs.httpd.apache.org>
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 78124 invoked by uid 99); 3 Dec 2015 17:33:08 -0000
Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Dec 2015 17:33:08 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org)
 with ESMTP id 5A623C492C
	for <cvs@httpd.apache.org>; Thu,  3 Dec 2015 17:33:08 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 0.99
X-Spam-Level: 
X-Spam-Status: No, score=0.99 tagged_above=-999 required=6.31
	tests=[KAM_LAZY_DOMAIN_SECURITY=1, T_RP_MATCHES_RCVD=-0.01]
	autolearn=disabled
Received: from mx1-eu-west.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new,
 port 10024)
	with ESMTP id OEGM6HMDzHmo for <cvs@httpd.apache.org>;
	Thu,  3 Dec 2015 17:33:07 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org
 [209.188.14.139])
	by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with
 ESMTP id 7375E2059A
	for <cvs@httpd.apache.org>; Thu,  3 Dec 2015 17:33:07 +0000 (UTC)
Received: from svn01-us-west.apache.org (svn.apache.org [10.41.0.6])
	by mailrelay1-us-west.apache.org (ASF Mail Server at
 mailrelay1-us-west.apache.org) with ESMTP id A89ACE0280
	for <cvs@httpd.apache.org>; Thu,  3 Dec 2015 17:33:06 +0000 (UTC)
Received: from svn01-us-west.apache.org (localhost [127.0.0.1])
	by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org)
 with ESMTP id 7E5A93A043E
	for <cvs@httpd.apache.org>; Thu,  3 Dec 2015 17:33:06 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1717816 -
 /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
Date: Thu, 03 Dec 2015 17:33:06 -0000
To: cvs@httpd.apache.org
From: wrowe@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20151203173306.7E5A93A043E@svn01-us-west.apache.org>

Author: wrowe
Date: Thu Dec  3 17:33:06 2015
New Revision: 1717816

URL: http://svn.apache.org/viewvc?rev=1717816&view=rev
Log:
Fix missing Upgrade headers on OPTION * requests, PR58688

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1717816&r1=1717815&r2=1717816&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Thu Dec  3 17:33:06 2015
@@ -246,6 +246,17 @@ int ssl_hook_ReadReq(request_rec *r)
         sslconn = myConnConfig(r->connection->master);
     }
     
+    /* If "SSLEngine optional" is configured, this is not an SSL
+     * connection, and this isn't a subrequest, send an Upgrade
+     * response header.  Note this must happen before map_to_storage
+     * and OPTIONS * request processing is completed.
+     */
+    if (sc->enabled == SSL_ENABLED_OPTIONAL && !(sslconn && sslconn->ssl)
+        && !r->main) {
+        apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
+        apr_table_mergen(r->headers_out, "Connection", "upgrade");
+    }
+
     if (!sslconn) {
         return DECLINED;
     }
@@ -1334,15 +1345,6 @@ int ssl_hook_Fixup(request_rec *r)
     SSL *ssl;
     int i;
 
-    /* If "SSLEngine optional" is configured, this is not an SSL
-     * connection, and this isn't a subrequest, send an Upgrade
-     * response header. */
-    if (sc->enabled == SSL_ENABLED_OPTIONAL && !(sslconn && sslconn->ssl)
-        && !r->main) {
-        apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
-        apr_table_mergen(r->headers_out, "Connection", "upgrade");
-    }
-
     if (!(sslconn && sslconn->ssl) && r->connection->master) {
         sslconn = myConnConfig(r->connection->master);
     }