From: Ruediger Pluem Date: Tue, 19 Aug 2025 12:12:41 +0000 (+0000) Subject: Remove condition which is always false X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b83273006040db93e412f3f81497ecb4051872d8;p=thirdparty%2Fapache%2Fhttpd.git Remove condition which is always false If sslconn->non_ssl_request is set to either NON_SSL_SEND_REQLINE or NON_SSL_SEND_HDR_SEP we cannot close the connection here. We handle NON_SSL_SEND_REQLINE and NON_SSL_SEND_HDR_SEP later again in the input filter and in ssl_hook_ReadReq to return an appropriate error message to the client. PR: 69773 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1927880 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 93a46f2506..e48efb1a47 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -709,14 +709,23 @@ static int ssl_hook_process_connection(conn_rec* c) AP_MODE_INIT, APR_BLOCK_READ, 0); apr_brigade_destroy(temp); - if (APR_SUCCESS != APR_SUCCESS) { - if (c->cs) { - c->cs->state = CONN_STATE_LINGER; + if (rv != APR_SUCCESS) { + /* + * We handle NON_SSL_SEND_REQLINE and NON_SSL_SEND_HDR_SEP + * later again in the input filter and in ssl_hook_ReadReq + * to return an appropriate error message to the client. + * Hence do not close the connection here. + */ + if ((sslconn->non_ssl_request != NON_SSL_SEND_REQLINE) && + (sslconn->non_ssl_request != NON_SSL_SEND_HDR_SEP)) { + if (c->cs) { + c->cs->state = CONN_STATE_LINGER; + } + ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(10373) + "SSL handshake was not completed, " + "closing connection"); + return OK; } - ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(10373) - "SSL handshake was not completed, " - "closing connection"); - return OK; } }