Subject: Re: svn commit: r1750301 - in /httpd/httpd/trunk/modules/proxy: mod_proxy.h proxy_util.c
From: Stefan Eissing
Date: Tue, 28 Jun 2016 13:43:49 +0200
To: dev@httpd.apache.org
Message-Id: <93BA09A6-6623-4B72-A54A-2ADF1982E4B3@greenbytes.de>

Ah, understood. Do you want to squeeze it into 2.4.23 or can it wait?

> On 28.06.2016 at 13:42, Yann Ylavic wrote:
>
> I don't think trunk needs it because ap_proxy_connect_backend() is
> already doing this work (via ap_proxy_check_backend).
>
> That's why I proposed a 2.4.x only patch, but I can commit it to trunk
> temporarily if that helps (and until) backport...
>
>
> On Tue, Jun 28, 2016 at 12:36 PM, Stefan Eissing wrote:
>> We are talking about adding this to trunk first, right? ^^
>>
>>> On 28.06.2016 at 12:34, Stefan Eissing wrote:
>>>
>>> I believe so. Highly experimental and all such...
>>>
>>>> On 28.06.2016 at 12:23, Yann Ylavic wrote:
>>>>
>>>> I can, but is mod_proxy_h2 CTR (Commit Then Review) like
>>>> mod_h2?
>>>>
>>>> On Tue, Jun 28, 2016 at 12:15 PM, Stefan Eissing wrote:
>>>>> Looks good to me. Can you commit this, then I quickly run my tests with it...
>>>>>
>>>>>> On 28.06.2016 at 09:50, Yann Ylavic wrote:
>>>>>>
>>>>>> On Tue, Jun 28, 2016 at 12:23 AM, Yann Ylavic wrote:
>>>>>>>>
>>>>>>>> The possible issue if r1750414 were backported, is that without
>>>>>>>> r1750392 mod_proxy_http2 may not detect a TLS close notify before
>>>>>>>> reusing a backend connection.
>>>>>>>> If it's not backported, it may close a legitimate backend connection
>>>>>>>> with (pre-)available data...
>>>>>>>
>>>>>>> I meant: it may discard (pre-)available data (not closing the connection).
>>>>>>
>>>>>> A possible solution for 2.4.x (needed only there AFAICT), could be:
>>>>>>
>>>>>> Index: modules/http2/mod_proxy_http2.c >>>>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >>>>>> --- modules/http2/mod_proxy_http2.c (revision 1750453) >>>>>> +++ modules/http2/mod_proxy_http2.c (working copy) >>>>>> @@ -520,11 +520,19 @@ run_connect: >>>>>> } >>>>>>=20 >>>>>> ctx->p_conn->is_ssl =3D ctx->is_ssl; >>>>>> - if (ctx->is_ssl) { >>>>>> - /* If there is still some data on an existing ssl = connection, now >>>>>> - * would be a good timne to get rid of it. */ >>>>>> - ap_proxy_ssl_connection_cleanup(ctx->p_conn, = ctx->rbase); >>>>>> - } >>>>>> + if (ctx->is_ssl && ctx->p_conn->connection) { >>>>>> + /* If there are some metadata on the connection (e.g. = TLS alert), >>>>>> + * let mod_ssl detect them, and create a new connection = below. >>>>>> + */ >>>>>> + apr_bucket_brigade *tmp_bb; >>>>>> + tmp_bb =3D apr_brigade_create(r->pool, = r->connection->bucket_alloc); >>>>>> + status =3D = ap_get_brigade(ctx->p_conn->connection->input_filters, tmp_bb, >>>>>> + AP_MODE_SPECULATIVE, = APR_NONBLOCK_READ, 1); >>>>>> + if (status !=3D APR_SUCCESS && = !APR_STATUS_IS_EAGAIN(status)) { >>>>>> + ctx->p_conn->close =3D 1; >>>>>> + } >>>>>> + apr_brigade_cleanup(tmp_bb); >>>>>> + } >>>>>>=20 >>>>>> /* Step One: Determine the URL to connect to (might be a proxy), >>>>>> * initialize the backend accordingly and determine the server >>>>>> _
>>>>>>
>>>>>> Stefan?
>>>>>
>>>
>>
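
Review bot: In the added block, the result of the speculative ap_get_brigade() call is written to the function-level `status` (only `tmp_bb` is declared inside the block), so on the normal idle-connection path `status` still holds an EAGAIN value when the block exits. A block-local `apr_status_t` declared next to `tmp_bb` would keep the probe result from reaching whatever tests `status` after the "Step One" comment. Two smaller points on the same lines: the brigade is created from `r->pool` on every pass through `run_connect:` and apr_brigade_cleanup() only empties it, so creating it once and reusing it would avoid a new pool allocation per pass; and the branch that sets `ctx->p_conn->close = 1` is silent, so a debug-level log of the failing status there would show in the logs why a backend connection was dropped instead of reused.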