httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: Making mod_proxy_http more aware of SSL
Date Thu, 25 Nov 2010 10:14:16 GMT
 

> -----Original Message-----
> From: Daniel Ruggeri [mailto:DRuggeri@primary.net] 
> Sent: Donnerstag, 25. November 2010 06:04
> To: dev@httpd.apache.org
> Subject: Making mod_proxy_http more aware of SSL
> 
> All;
>     I opened up bug 50332 to attach/document these patches. The patch 
> causes mod_ssl to create a note on the conn_req which is checked by 
> mod_proxy_http when it attempts to pass the request. The 
> intent is for 
> mod_proxy_http to realize that an SSL handshake error has 
> occurred and 
> mark the worker out of service.

I guess the part in mod_proxy_http.c is not the correct way to do it.
Instead of

===================================================================
--- httpd-trunk/modules/proxy/mod_proxy_http.c	(revision 1037345)
+++ httpd-trunk/modules/proxy/mod_proxy_http.c	(working copy)
@@ -1468,6 +1468,10 @@
                     return ap_proxyerror(r, HTTP_SERVICE_UNAVAILABLE, "Timeout on 100-Continue");
                 }
             }
+            else if(strcmp(apr_table_get(backend->connection->notes, "SSL_connect_rv"),
"err") == 0) {
+                backend->worker->s->status |= PROXY_WORKER_IN_ERROR;
+                backend->worker->s->error_time = apr_time_now();
+            }
             /*
              * If we are a reverse proxy request shutdown the connection
              * WITHOUT ANY response to trigger a retry by the client


the following seems better:


+            else if(strcmp(apr_table_get(backend->connection->notes, "SSL_connect_rv"),
"err") == 0) {
+                    return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
+                                         "Error during SSL Handshake with remote server");
+


Regards

Rüdiger

Mime
View raw message