mod_proxy_ajp: Forward SSL protocol name (SSLv3, TLSv1.1 etc.) as a
request attribute to the backend. The name is taken from
the SSL_PROTOCOL env var. Recent Tomcat versions will extract
it and provide it as a servlet request attribute named
"org.apache.tomcat.util.net.secure_protocol_version".
The change is compatible with existing AJP13, because we forward
the protocol name as a normal named attribute, not with a new
byte abbreviated attribute name.
Submitted by: rjung
Reviewed by: rjung, ylavic, covener
Backported by: rjung
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1662076 13f79535-47bb-0310-9956-ffa450edef68
Changes with Apache 2.4.13
+ *) mod_proxy_ajp: Forward SSL protocol name (SSLv3, TLSv1.1 etc.) as a
+ request attribute to the backend. Recent Tomcat versions will extract
+ it and provide it as a servlet request attribute named
+ "org.apache.tomcat.util.net.secure_protocol_version". [Rainer Jung]
+
*) core: Optimize string concatenation in expression parser when evaluating
a string expression. [Rainer Jung]
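Review bot: the new CHANGES entry leaves out two details the commit message gives: that the value is taken from SSL_PROTOCOL, and that it is sent as a normal named attribute so the change stays compatible with existing AJP13. A short clause on compatibility would tell administrators whose backend is not a recent Tomcat version that nothing changes for them.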
2.4.x patch: trunk works
+1: jailletc36, ylavic, covener
- * mod_proxy_ajp: Forward SSL protocol name (from SSL_PROTOCOL).
- Forthcoming Tomcat versions know how to extract it and will
- provide it as a servlet request attribute.
- The change is compatible with existing AJP13, because we forward
- the protocol name as a normal named attribute, not with a new
- byte abbreviated attribute name.
- trunk patch: http://svn.apache.org/r1661067
- 2.4.x patch: trunk works (modulo CHANGES)
- +1: rjung, ylavic, covener
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
/* The following environment variables match mod_ssl! */
#define AJP13_HTTPS_INDICATOR "HTTPS"
+#define AJP13_SSL_PROTOCOL_INDICATOR "SSL_PROTOCOL"
#define AJP13_SSL_CLIENT_CERT_INDICATOR "SSL_CLIENT_CERT"
#define AJP13_SSL_CIPHER_INDICATOR "SSL_CIPHER"
#define AJP13_SSL_SESSION_INDICATOR "SSL_SESSION_ID"
return AJP_EOVERFLOW;
}
}
+ /* Forward the SSL protocol name.
+ * Modern Tomcat versions know how to retrieve
+ * the protocol name from this attribute.
+ */
+ if (is_ssl) {
+ if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
+ AJP13_SSL_PROTOCOL_INDICATOR))
+ && envvar[0]) {
+ const char *key = SC_A_SSL_PROTOCOL;
+ if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) ||
+ ajp_msg_append_string(msg, key) ||
+ ajp_msg_append_string(msg, envvar)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02830)
+ "ajp_marshal_into_msgb: "
+ "Error appending attribute %s=%s",
+ key, envvar);
+ return AJP_EOVERFLOW;
+ }
+ }
+ }
/* Forward the remote port information, which was forgotten
* from the builtin data of the AJP 13 protocol.
* Since the servlet spec allows to retrieve it via getRemotePort(),
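Review bot: the comment above the added `if (is_ssl)` block says only that "Modern Tomcat versions" can retrieve the name; it should also record that the value is sent as a generic SC_A_REQ_ATTRIBUTE under the key SC_A_SSL_PROTOCOL, which is the compatibility reasoning given in the commit message and is easy to lose once the message is out of view. On style, the two nested conditions could be one, `if (is_ssl && (envvar = ap_proxy_ssl_val(...)) && envvar[0])`, which saves an indentation level. Note also that a failed append of this informational attribute fails the whole request with AJP_EOVERFLOW, the same return as the block just above it; worth confirming that is intended for an optional attribute.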
/*
* AJP private request attributes
*
+ * The following request attribute is recognized by Tomcat
+ * to contain the SSL protocol name
+ */
+#define SC_A_SSL_PROTOCOL ("AJP_SSL_PROTOCOL")
+/*
* The following request attribute is recognized by Tomcat
* to contain the forwarded remote port.
*/
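Review bot: the comment added above SC_A_SSL_PROTOCOL says the attribute contains "the SSL protocol name" but not where the value comes from or what the backend does with it. Suggest stating that it carries the SSL_PROTOCOL value and that Tomcat exposes it as "org.apache.tomcat.util.net.secure_protocol_version", as the commit message and CHANGES entry do. The inserted `+/*` also leaves the "AJP private request attributes" heading fused with the first attribute's description; closing the heading comment on its own would keep each define with its own comment.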