httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: Making mod_proxy_http more aware of SSL
Date Thu, 25 Nov 2010 15:05:06 GMT
 

> -----Original Message-----
> From: Daniel Ruggeri  
> Sent: Donnerstag, 25. November 2010 16:01
> To: dev@httpd.apache.org
> Subject: Re: Making mod_proxy_http more aware of SSL
> 
> 
> On 11/25/2010 4:14 AM, "Plüm, Rüdiger, VF-Group" wrote:
> > the following seems better:
> >
> >
> > +            else 
> if(strcmp(apr_table_get(backend->connection->notes, 
> "SSL_connect_rv"), "err") == 0) {
> > +                    return ap_proxyerror(r, 
> HTTP_INTERNAL_SERVER_ERROR,
> > +                                         "Error during SSL 
> Handshake with remote server");
> > +
> >
> >
> > Regards
> >
> > Rüdiger
> 
> I agree that the message should be logged as such since 
> logging higher 
> than INFO would hide the actual SSL error from mod_ssl. My 
> focus though 
> is on marking the backend server out of service as you can't 
> communicate 
> unless the SSL transport has been established (essentially a 
> failure to 
> connect). Nothing else in the request/response cycle in 
> mod_proxy_http 
> does this due to handshake errors and this spot seems to be the very 
> first place we can actually check for that condition.
> 
> I have updated the patches to log your suggested message 
> after marking 
> the workers to be in error state.

The loggers get in error state automatically when you call
ap_proxyerror with HTTP_INTERNAL_SERVER_ERROR. No need to do it manually.

Regards

Rüdiger


Mime
View raw message