Merge r1818726 from trunk:
authorYann Ylavic <ylavic@apache.org>
Fri, 24 May 2019 07:54:42 +0000 (07:54 +0000)
committerYann Ylavic <ylavic@apache.org>
Fri, 24 May 2019 07:54:42 +0000 (07:54 +0000)
mod_proxy: allow SSLProxyCheckPeer* usage for all proxy modules.

PR 61857.

Proposed by: Markus Gausling <markusgausling googlemail.com>
Reviewed by: ylavic, rjung, rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1859844 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
modules/http2/mod_proxy_http2.c
modules/proxy/mod_proxy_http.c
modules/proxy/proxy_util.c

diff --git a/CHANGES b/CHANGES
index 5f7521eebba6414897f6dee01895201cf4c45e61..3a691729eda7778e0d3b37a2bf900c11d8dd6bf1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.40
 
+  *) mod_proxy: allow SSLProxyCheckPeer* usage for all proxy modules.
+     PR 61857.  [Markus Gausling <markusgausling googlemail.com>, Yann Ylavic]
+
   *) mod_reqtimeout: Fix default rates missing (not applied) in 2.4.39.
      PR 63325. [Yann Ylavic]
 
index 95336f75769c02c57b5a88cdf35186a61c9f61ba..6da47312071f21200e300d5b6d723700b9039717 100644 (file)
@@ -404,14 +404,6 @@ run_connect:
              */
             apr_table_setn(ctx->p_conn->connection->notes,
                            "proxy-request-alpn-protos", "h2");
-            if (ctx->p_conn->ssl_hostname) {
-                ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctx->owner, 
-                              "set SNI to %s for (%s)", 
-                              ctx->p_conn->ssl_hostname, 
-                              ctx->p_conn->hostname);
-                apr_table_setn(ctx->p_conn->connection->notes,
-                               "proxy-request-hostname", ctx->p_conn->ssl_hostname);
-            }
         }
     }
 
index 56af9a83313b2187d193d7b9e6df7a182901bca9..2f2cef5600850a280ff965a37981da1638efa6ca 100644 (file)
@@ -1976,16 +1976,6 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker,
             if ((status = ap_proxy_connection_create_ex(proxy_function,
                                                         backend, r)) != OK)
                 break;
-            /*
-             * On SSL connections set a note on the connection what CN is
-             * requested, such that mod_ssl can check if it is requested to do
-             * so.
-             */
-            if (backend->ssl_hostname) {
-                apr_table_setn(backend->connection->notes,
-                               "proxy-request-hostname",
-                               backend->ssl_hostname);
-            }
         }
 
         /* Step Four: Send the Request
index b131ec07f6b9ced325ba4d9375169d2789790c3c..77880de622ccb4eed375124d7023388a48001d55 100644 (file)
@@ -3220,6 +3220,13 @@ static int proxy_connection_create(const char *proxy_function,
                          backend_addr, conn->hostname);
             return HTTP_INTERNAL_SERVER_ERROR;
         }
+        if (conn->ssl_hostname) {
+            /* Set a note on the connection about what CN is requested,
+             * such that mod_ssl can check if it is requested to do so.
+             */
+            apr_table_setn(conn->connection->notes, "proxy-request-hostname",
+                           conn->ssl_hostname);
+        }
     }
     else {
         /* TODO: See if this will break FTP */
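Review bot: The comment on the added `if (conn->ssl_hostname)` block describes the note only as the requested CN, but the log line this commit removes from mod_proxy_http2.c calls the same `proxy-request-hostname` value the SNI name, and the commit message ties it to every SSLProxyCheckPeer* check. Since this is now the one place the note is set for all proxy modules, I would widen the comment to something like `/* Name the backend is expected to present; mod_ssl reads this note for SNI and the SSLProxyCheckPeer* checks. */`. It should also say what happens when `ssl_hostname` is NULL: no note is set on that path, and whether the peer-name check is then skipped or fails is not visible in this hunk. `apr_table_setn` stores the pointer without copying, so `conn->ssl_hostname` presumably has to live at least as long as `conn->connection`; that is worth confirming where the field is assigned. proxy_connection_create starts and ends outside the hunk.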