From: Stefan Eissing Date: Mon, 1 Aug 2022 12:56:11 +0000 (+0000) Subject: *) mod_ssl: when a proxy connection had handled a request using SSL, an X-Git-Tag: 2.5.0-alpha2-ci-test-only~255 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e835f22affadfcfa3908277611a0e9961ece1c1;p=thirdparty%2Fapache%2Fhttpd.git *) mod_ssl: when a proxy connection had handled a request using SSL, an error was logged when "SSLProxyEngine" was only configured in the location/proxy section and not the overall server. The connection continued to work, the error log was in error. Fixed PR66190. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1903167 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/changes-entries/ssl_proxy_bind.txt b/changes-entries/ssl_proxy_bind.txt
new file mode 100644
index 00000000000..4eba294bd8f
--- /dev/null
+++ b/changes-entries/ssl_proxy_bind.txt
@@ -0,0 +1,5 @@
+ *) mod_ssl: when a proxy connection had handled a request using SSL, an
+ error was logged when "SSLProxyEngine" was only configured in the
+ location/proxy section and not the overall server. The connection
+ continued to work, the error log was in error. Fixed PR66190.
+ [Stefan Eissing]
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index d1f6fbbc1f1..93745fe3eda 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -556,6 +556,13 @@ static int ssl_hook_ssl_bind_outgoing(conn_rec *c,
 int status;
 sslconn = ssl_init_connection_ctx(c, per_dir_config, 1);
+ if (sslconn->ssl) {
+ /* we are already bound to this connection. We have rebound
+ * or removed the reference to a previous per_dir_config,
+ * there is nothing more to do. */
+ return OK;
+ }
+
+ status = ssl_engine_status(c, sslconn);
 if (enable_ssl) {
 if (status != OK) {
diff --git a/test/modules/proxy/env.py b/test/modules/proxy/env.py
index 41c25d9c3e6..9ed635cd5fb 100644
--- a/test/modules/proxy/env.py
+++ b/test/modules/proxy/env.py
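Review bot: In modules/ssl/mod_ssl.c the new early return in ssl_hook_ssl_bind_outgoing fires before `enable_ssl` and `ssl_engine_status()` are consulted, so any call on a connection that already has `sslconn->ssl` set returns OK regardless of what the caller asked for or what the current per_dir_config allows. The comment explains the rebinding but not that consequence: a reused backend connection keeps the TLS session and peer verification result from its first bind, which matters if proxy sections with different SSLProxy* settings can end up sharing a connection (inferred; the rest of the function and ssl_init_connection_ctx are outside the hunk). I would extend the comment to state the intent, e.g. `/* already bound: the existing TLS session is kept as negotiated; enable_ssl and the engine status are deliberately not re-evaluated */`.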
@@ -17,7 +17,7 @@ class ProxyTestSetup(HttpdTestSetup):
 def __init__(self, env: 'HttpdTestEnv'):
 super().__init__(env=env)
 self.add_source_dir(os.path.dirname(inspect.getfile(ProxyTestSetup)))
- self.add_modules(["proxy", "proxy_http"])
+ self.add_modules(["proxy", "proxy_http", "proxy_balancer", "lbmethod_byrequests"])
 class ProxyTestEnv(HttpdTestEnv):
@@ -30,7 +30,7 @@ class ProxyTestEnv(HttpdTestEnv):
 self._d_forward = f"forward.{self.http_tld}"
 self._d_mixed = f"mixed.{self.http_tld}"
- self.add_httpd_log_modules(["proxy", "proxy_http"])
+ self.add_httpd_log_modules(["proxy", "proxy_http", "proxy_balancer", "lbmethod_byrequests", "ssl"])
 self.add_cert_specs([
 CertificateSpec(domains=[
 self._d_forward, self._d_reverse, self._d_mixed
@@ -38,6 +38,9 @@ class ProxyTestEnv(HttpdTestEnv):
 CertificateSpec(domains=[f"noh2.{self.http_tld}"], key_type='rsa2048'),
 ])
+ def setup_httpd(self, setup: HttpdTestSetup = None):
+ super().setup_httpd(setup=ProxyTestSetup(env=self))
+
 @property
 def d_forward(self):
 return self._d_forward
diff --git a/test/modules/proxy/test_01_http.py b/test/modules/proxy/test_01_http.py
index cdb98b0997c..77635652420 100644
--- a/test/modules/proxy/test_01_http.py
+++ b/test/modules/proxy/test_01_http.py
@@ -1,4 +1,6 @@
 import os
+import time
+
 import pytest
 from pyhttpd.conf import HttpdConf
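Review bot: In test/modules/proxy/env.py the `setup_httpd` override added to ProxyTestEnv accepts a `setup` argument and then ignores it, always passing a fresh `ProxyTestSetup`. A caller that supplies its own setup object gets no error and no effect. Either honour the argument with `super().setup_httpd(setup=setup or ProxyTestSetup(env=self))`, or add a docstring saying the parameter exists only for signature compatibility with the base class. The `= None` default would also read better with an optional annotation.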
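Review bot: `import time` is added at the top of test/modules/proxy/test_01_http.py, but the test this commit adds does not call it and no other new use is visible in the diff. If nothing outside the shown hunks needs it, drop the import so linters do not flag the file.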
@@ -69,3 +71,24 @@ class TestProxyHttp:
 assert r.response["status"] == 200
 assert r.json['host'] == seen
+ def test_proxy_01_003(self, env):
+ domain = f"test1.{env.http_tld}"
+ conf = HttpdConf(env)
+ conf.add([
+ "ProxyPreserveHost on",
+ "",
+ f" BalancerMember https://localhost:{env.https_port}",
+ " SSLProxyEngine on",
+ "",
+ ])
+ conf.start_vhost(domains=[domain], port=env.https_port, doc_root="htdocs/test1")
+ conf.add([
+ "ProxyPass /proxy balancer://backends",
+ "ProxyPassReverse /proxy balancer://backends",
+ ])
+ conf.end_vhost()
+ conf.install()
+ assert env.apache_restart() == 0
+ r = env.curl_get(f"https://{domain}:{env.https_port}/proxy/alive.json", 5)
+ assert r.response["status"] == 200
+ assert r.json['host'] == "test1"
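Review bot: test_proxy_01_003 asserts only the 200 status and the `host` value, yet the commit message says the connection kept working before the fix and only a spurious error-log entry was wrong, so this test would presumably pass on the unfixed code as well. The assertion that pins the regression is missing: after the request, check that the httpd error log gained no mod_ssl error for the proxy connection. The description also ties the message to a proxy connection that had already handled a request, so a second request (for example repeating the `env.curl_get(...)` call) before the log check may be needed to reach the rebinding path; that is inferred, since the trigger is not visible in the diff.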