forwarding to SSL backends.
PR: 53134
Backports: r1333969
Submitted by: Michael Weiser <michael weiser.dinsnail.net>, rpluem
Reviewed by: covener, wrowe, rjung
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1497470 13f79535-47bb-0310-9956-ffa450edef68
*) mod_ssl/proxy: enable the SNI extension for backend TLS connections
[Kaspar Brand]
+ *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
+ forwarding to SSL backends. PR 53134.
+ [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
+
*) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
in the error log to debug level. [William Rowe]
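Review bot: The added CHANGES entry reads "Use the the same hostname", with "the" doubled; drop one. The entry is also filed under mod_proxy, while the STATUS item it closes names mod_proxy_http, so the module name should be made consistent between the two.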
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_proxy_http: Use the same hostname for SNI as for the HTTP request when
- forwarding to SSL backends.
- PR: 53134
- Based on a patch from: Michael Weiser <michael weiser.dinsnail.net>
- trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1333969
- 2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1356881
- 2.2.x patch: http://people.apache.org/~rjung/patches/mod_proxy_http-fix-hostname-ssl-2_2.patch
- +1: covener, wrowe, rjung (w/r1175416 above applied first)
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
* so.
*/
if (is_ssl) {
+ const char *ssl_hostname;
+
+ /*
+ * In the case of ProxyPreserveHost on use the hostname of
+ * the request if present otherwise use the one from the
+ * backend request URI.
+ */
+ if ((conf->preserve_host != 0) && (r->hostname != NULL)) {
+ ssl_hostname = r->hostname;
+ }
+ else {
+ ssl_hostname = uri->hostname;
+ }
+
apr_table_set(backend->connection->notes, "proxy-request-hostname",
- uri->hostname);
+ ssl_hostname);
}
}
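Review bot: The added comment above the `if` should say that, with ProxyPreserveHost on, the value written to the "proxy-request-hostname" note comes from the incoming request (`r->hostname`) and no longer from the configured backend URI (`uri->hostname`). The note name is not SNI-specific, so anything else that reads it from `backend->connection->notes` will now see a name chosen by the client. It is worth listing the readers of this note in the comment or the commit message and confirming that each one is meant to follow the request's host. A smaller style point: `(conf->preserve_host != 0) && (r->hostname != NULL)` can be written as `conf->preserve_host && r->hostname`, and the comment text would read better with commas around "if present".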