From: Graham Leggett Date: Fri, 23 Nov 2018 14:49:50 +0000 (+0000) Subject: mod_ssl: Fix the error code returned in an error path of 'ssl_io_filter_handshake()' X-Git-Tag: 2.4.38~75 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8a323b509b8ea58175bab1c03d5a4a0f05ad1092;p=thirdparty%2Fapache%2Fhttpd.git mod_ssl: Fix the error code returned in an error path of 'ssl_io_filter_handshake()' This messes-up error handling performed in 'ssl_io_filter_error()' +1: ylavic, jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1847278 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 0b53e7051fb..2d5d335f14c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.38 + *) mod_ssl: Fix the error code returned in an error path of + 'ssl_io_filter_handshake()'. This messes-up error handling performed + in 'ssl_io_filter_error()' [Yann Ylavic] + *) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative redirects, subsequent ProxyPassReverse statements, whether they are relative or absolute, may fail. PR 60408. [Peter Haworth ] diff --git a/STATUS b/STATUS index 73bf61e3c8a..f3eb44d1c9d 100644 --- a/STATUS +++ b/STATUS @@ -126,13 +126,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_ssl: Fix the error code returned in an error path of 'ssl_io_filter_handshake()' - This messes-up error handling performed in 'ssl_io_filter_error()' - trunk patch: http://svn.apache.org/r1645529 - http://svn.apache.org/r1839442 - 2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-mod_proxy-handshake-bad_gateway.patch - +1: ylavic, jim, minfrin - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index 03aa0cec994..b398363b1ca 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -986,12 +986,10 @@ static apr_status_t ssl_io_filter_error(bio_filter_in_ctx_t *inctx, break; case MODSSL_ERROR_BAD_GATEWAY: - bucket = ap_bucket_error_create(HTTP_BAD_REQUEST, NULL, - f->c->pool, - f->c->bucket_alloc); ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c, APLOGNO(01997) "SSL handshake failed: sending 502"); - break; + f->c->aborted = 1; + return APR_EGENERAL; default: return status; @@ -1324,7 +1322,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx) /* ensure that the SSL structures etc are freed, etc: */ ssl_filter_io_shutdown(filter_ctx, c, 1); apr_table_setn(c->notes, "SSL_connect_rv", "err"); - return HTTP_BAD_GATEWAY; + return MODSSL_ERROR_BAD_GATEWAY; } apr_table_setn(c->notes, "SSL_connect_rv", "ok");