From: Graham Leggett Date: Sun, 23 Jan 2022 21:16:06 +0000 (+0000) Subject: mod_ssl: We no longer throw away handshake errors. Handle APR_EGENERAL X-Git-Tag: 2.5.0-alpha2-ci-test-only~549 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4666e42cc023a95a432895da8b3106907e274525;p=thirdparty%2Fapache%2Fhttpd.git mod_ssl: We no longer throw away handshake errors. Handle APR_EGENERAL which means that mod_ssl has passed an http error down the stack. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897387 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number index daf369612ba..e2013a8dec3 100644 --- a/docs/log-message-tags/next-number +++ b/docs/log-message-tags/next-number @@ -1 +1 @@ -10370 +10374 diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 1714380df8d..276ee55b7b9 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -723,17 +723,37 @@ static int ssl_hook_process_connection(conn_rec* c) if (rv == APR_SUCCESS) { /* great news, lets continue */ + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(10370) + "SSL handshake completed, continuing"); + status = DECLINED; } else if (rv == APR_EAGAIN) { /* we've been asked to come around again, don't block */ - status = OK; + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(10371) + "SSL handshake in progress, continuing"); + + status = OK; + } + else if (rv == APR_EGENERAL) { + /* handshake error, but mod_ssl handled it */ + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(10372) + "SSL handshake failed, returning error response"); + + status = DECLINED; } else { /* we failed, give up */ cs->state = CONN_STATE_LINGER; + ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(10373) + "SSL handshake was not completed, " + "closing connection"); + status = OK; } }