mod_ssl: Fix the error code returned in an error path of 'ssl_io_filter_handshake()'

This messes-up error handling performed in 'ssl_io_filter_error()'
+1: ylavic, jim, minfrin

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1847278 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 0b53e7051fb0f1158fb869998b8d852bd3eecae4..2d5d335f14cf6bc7ea4004ec0f8bb1439c1a40fa 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.38
 
+  *) mod_ssl: Fix the error code returned in an error path of
+     'ssl_io_filter_handshake()'. This messes-up error handling performed
+     in 'ssl_io_filter_error()' [Yann Ylavic]
+
   *) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
      redirects, subsequent ProxyPassReverse statements, whether they are
      relative or absolute, may fail.  PR 60408.  [Peter Haworth <pmh1wheel gmail.com>]

diff --git a/STATUS b/STATUS
index 73bf61e3c8a65f1c901c38065b578659579ed73f..f3eb44d1c9dfa3ee0c848d3810c6d7f0e6c6473f 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -126,13 +126,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_ssl: Fix the error code returned in an error path of 'ssl_io_filter_handshake()'
-              This messes-up error handling performed in 'ssl_io_filter_error()'
-     trunk patch: http://svn.apache.org/r1645529
-                  http://svn.apache.org/r1839442
-     2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-mod_proxy-handshake-bad_gateway.patch
-     +1: ylavic, jim, minfrin
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index 03aa0cec994559700dc73917ec4a83328aad1076..b398363b1cacb07cd871dca59388224cec1303e7 100644 (file)
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -986,12 +986,10 @@ static apr_status_t ssl_io_filter_error(bio_filter_in_ctx_t *inctx,
             break;
 
     case MODSSL_ERROR_BAD_GATEWAY:
-        bucket = ap_bucket_error_create(HTTP_BAD_REQUEST, NULL,
-                                        f->c->pool,
-                                        f->c->bucket_alloc);
         ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c, APLOGNO(01997)
                       "SSL handshake failed: sending 502");
-        break;
+        f->c->aborted = 1;
+        return APR_EGENERAL;
 
     default:
         return status;
@@ -1324,7 +1322,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
             /* ensure that the SSL structures etc are freed, etc: */
             ssl_filter_io_shutdown(filter_ctx, c, 1);
             apr_table_setn(c->notes, "SSL_connect_rv", "err");
-            return HTTP_BAD_GATEWAY;
+            return MODSSL_ERROR_BAD_GATEWAY;
         }
 
         apr_table_setn(c->notes, "SSL_connect_rv", "ok");