Merge r1039304, r1053584 from trunk:
authorRuediger Pluem <rpluem@apache.org>
Fri, 11 Feb 2011 12:30:21 +0000 (12:30 +0000)
committerRuediger Pluem <rpluem@apache.org>
Fri, 11 Feb 2011 12:30:21 +0000 (12:30 +0000)
* Put a note in the connection notes that the SSL handshake to the backend
  failed such that mod_proxy can put the worker in error state.

PR: 50332
Submitted by: Daniel Ruggeri <DRuggeri primary.net>
Reviewed by: rpluem

* Fix r1039304 and make the patch similar to the one proposed for
  2.2.x: If the SSL handshake to the backend fails we cannot even
  send an HTTP request. So the check needs to happen already when
  we send data, not when we receive data.

Reviewed by: rpluem, jim, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1069773 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
modules/proxy/mod_proxy_http.c
modules/ssl/ssl_engine_io.c

diff --git a/CHANGES b/CHANGES
index 55cf53c8fbed091ca17a543e7d54f413b1c8db66..39fd0d9d87677f010db16645624a5e8a9cddef1b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.18
 
+  *) mod_proxy: Put the worker in error state if the SSL handshake with the
+     backend fails. PR 50332.
+     [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
+
   *) prefork: Update MPM state in children during a graceful restart.
      Allow the HTTP connection handling loop to terminate early 
      during a graceful restart.  PR 41743.
diff --git a/STATUS b/STATUS
index 50b61b6f267d88eed1df002d7c177f65fda82932..ca1995377ad554a338f45d3e62ca9dc102a76513 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -102,15 +102,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      enabling/disabling the basic capability is not split out into mod_unixd 2.2.x.
      +1: trawick, covener, wrowe
 
-   * mod_proxy_http: Become aware of ssl handshake failures when attempting
-     to pass request. Makes it so workers are put in error state when a
-     handshake failure is encountered.
-     PR50332
-     Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1039304
-                  http://svn.apache.org/viewvc?view=revision&revision=1053584
-     2.2.x patch: https://issues.apache.org/bugzilla/attachment.cgi?id=26450
-     +1: rpluem, jim, wrowe
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 
index e0a8ae11168ecff2581dced7e991f7e83a08bc99..359e40fc06b86a09d3eeb8150412630d4e598836 100644 (file)
@@ -271,10 +271,16 @@ static int pass_brigade(apr_bucket_alloc_t *bucket_alloc,
         ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
                      "proxy: pass request body failed to %pI (%s)",
                      conn->addr, conn->hostname);
-        if (origin->aborted) { 
+        if (origin->aborted) {
+            if (strcmp(apr_table_get(origin->notes,
+                                     "SSL_connect_rv"), "err") == 0) {
+                return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
+                                     "Error during SSL Handshake with"
+                                     " remote server");
+            }
             return APR_STATUS_IS_TIMEUP(status) ? HTTP_GATEWAY_TIME_OUT : HTTP_BAD_GATEWAY;
         }
-        else { 
+        else {
             return HTTP_BAD_REQUEST; 
         }
     }
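Review bot: The added `strcmp(apr_table_get(origin->notes, "SSL_connect_rv"), "err")` passes a NULL pointer to strcmp whenever the note is absent, because `apr_table_get` returns NULL for a missing key. The only writers visible in this commit are in ssl_io_filter_connect, so an aborted backend connection that never reached that code (a plain-HTTP backend, for instance) would presumably arrive here with no note set and crash the child, turning an ordinary backend failure into a proxy-side denial of service. Fetch the value first and guard it: `const char *ssl_note = apr_table_get(origin->notes, "SSL_connect_rv");` followed by `if (ssl_note != NULL && strcmp(ssl_note, "err") == 0) {`. pass_brigade starts and ends outside the hunk, so the declaration would need to go at the top of the enclosing block.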
index da9a822941598e79d1b44aba5b1136b0b59d6584..e2d33909d1eed6bc0f85cace16937768b046a39f 100644 (file)
@@ -1069,6 +1069,7 @@ static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx)
             ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
             /* ensure that the SSL structures etc are freed, etc: */
             ssl_filter_io_shutdown(filter_ctx, c, 1);
+            apr_table_set(c->notes, "SSL_connect_rv", "err");
             return HTTP_BAD_GATEWAY;
         }
 
@@ -1086,6 +1087,7 @@ static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx)
                 }
                 /* ensure that the SSL structures etc are freed, etc: */
                 ssl_filter_io_shutdown(filter_ctx, c, 1);
+                apr_table_set(c->notes, "SSL_connect_rv", "err");
                 return HTTP_BAD_GATEWAY;
             }
             X509_free(cert);
@@ -1105,10 +1107,12 @@ static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx)
                               hostname, hostname_note);
                 /* ensure that the SSL structures etc are freed, etc: */
                 ssl_filter_io_shutdown(filter_ctx, c, 1);
+                apr_table_set(c->notes, "SSL_connect_rv", "err");
                 return HTTP_BAD_GATEWAY;
             }
         }
 
+        apr_table_set(c->notes, "SSL_connect_rv", "ok");
         return APR_SUCCESS;
     }
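Review bot: The `SSL_connect_rv` note written here as `"ok"` and in the two preceding hunks as `"err"` is an undocumented string contract between mod_ssl and mod_proxy_http, and it has a third state that is easy to miss: the key is absent whenever this function did not run or returned by a path not shown. I would add a comment above the `"ok"` line, for example `/* SSL_connect_rv: "ok"/"err" result of the backend handshake, read by mod_proxy_http; absent if no handshake was attempted, so readers must NULL-check */`. Because key and value are string literals, `apr_table_setn(c->notes, "SSL_connect_rv", "ok");` would avoid the pool copies that `apr_table_set` makes. ssl_io_filter_connect begins and ends outside these hunks, so whether every failure return sets the note cannot be confirmed from here.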