httpd-dev mailing list archives

From Joe Orton <jor...@redhat.com>
Subject Re: SSL upgrade [was: Final patch for a long time]
Date Thu, 12 Dec 2002 08:33:41 GMT
On Thu, Dec 12, 2002 at 01:08:08AM -0600, William Rowe wrote:
> My proposed solution is to review the patch and apply it to cvs HEAD.  Get it
> committed.  Of course there are no test suites right now, and there won't be
> for a little while yet.  But once the code exists, it will be simpler to keep the
> SSL upgrade facility maintained, and debug it as the clients become available
> (most especially, libwww exercises through perl-framework.)

I think there were a couple of mistakes in the patch:

> --- modules/ssl/ssl_engine_io.c	23 Nov 2002 21:19:03 -0000	1.101
> +++ modules/ssl/ssl_engine_io.c	12 Dec 2002 07:06:46 -0000
> @@ -1181,6 +1181,84 @@
>      return APR_SUCCESS;
>  }
>  
> +static apr_status_t ssl_io_filter_Upgrade(ap_filter_t *f,
> +                                         apr_bucket_brigade *bb)
> +
> +{
> +#define SWITCH_STATUS_LINE "101 Switching Protocols"

Should be "HTTP/1.1 101 Switching Protocols" unless the prefix is added
somewhere I missed, otherwise this isn't a valid status-line.

> +#define UPGRADE_HEADER "Upgrade: TLS/1.0 HTTP/1.1"
> +#define CONNECTION_HEADER "Conenction: Upgrade"
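
Review bot: UPGRADE_HEADER separates its two protocol tokens with a space only, but the Upgrade field is a comma-separated list and RFC 2817 writes the 101 response as "Upgrade: TLS/1.0, HTTP/1.1". Suggest adding the comma in that #define so the field parses as two tokens.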

Spot the typo :)

> +    connection = apr_table_get(r->headers_in, "Connection");
> +
> +    apr_table_unset(r->headers_out, "Upgrade");
> +
> +    if (strcmp(connection, "Upgrade") || strcmp(upgrade, "TLS/1.0")) {
> +        return ap_pass_brigade(f->next, bb);
> +    }
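
Review bot: The strcmp() calls in the if use `connection` straight from apr_table_get(), which returns NULL when the request carries no Connection header, so a request without that header hands strcmp() a NULL pointer. Suggest testing `connection` (and `upgrade`, whose assignment is not in the quoted lines) for NULL and passing the brigade to f->next before comparing; a case-insensitive comparison would also fit here, since strcmp() rejects "upgrade" in lower case.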

I don't think the requirement that the client sends exactly "Connection:
Upgrade" is correct; the only requirement here is on the client to send
a Connection header including the "upgrade" token.

joe
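
The token test described in the last comment above, as an added example that is not part of the patch or of httpd: `header_has_token` and `wants_tls_upgrade` are hypothetical names, the header values in `main` are constructed, and the policy of also matching "TLS/1.0" as a list token in Upgrade is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from the patch: returns 1 if the comma-separated
 * header value contains `token` (case-insensitive), 0 otherwise.
 * A NULL value means the header was absent and is treated as "no match". */
static int header_has_token(const char *value, const char *token)
{
    size_t tlen = token ? strlen(token) : 0, i;
    const char *p = value, *start, *end;

    if (value == NULL || tlen == 0)
        return 0;
    while (*p) {
        while (*p == ',' || *p == ' ' || *p == '\t')  /* separators, leading space */
            p++;
        start = p;
        while (*p && *p != ',')                       /* element ends at next comma */
            p++;
        end = p;
        while (end > start && (end[-1] == ' ' || end[-1] == '\t'))
            end--;                                    /* trim trailing space */
        if ((size_t)(end - start) != tlen)
            continue;                                 /* "upgraded" != "upgrade" */
        for (i = 0; i < tlen; i++)
            if (tolower((unsigned char)start[i]) != tolower((unsigned char)token[i]))
                break;
        if (i == tlen)
            return 1;
    }
    return 0;
}

/* Assumed policy for this sketch: upgrade only when Connection carries the
 * "upgrade" token and Upgrade offers "TLS/1.0". */
static int wants_tls_upgrade(const char *connection, const char *upgrade)
{
    return header_has_token(connection, "upgrade")
        && header_has_token(upgrade, "TLS/1.0");
}

int main(void)
{
    /* Constructed sample header values. */
    printf("%d\n", wants_tls_upgrade("keep-alive, Upgrade", "TLS/1.0")); /* 1 */
    printf("%d\n", wants_tls_upgrade(NULL, "TLS/1.0"));                  /* 0 */
    return 0;
}
```

Inside httpd itself, `ap_find_token()` performs this kind of case-insensitive token search over a header line.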
