From: Colm MacCarthaigh Date: Tue, 24 Jan 2006 22:43:38 +0000 (+0000) Subject: merge r161958 from trunk: X-Git-Tag: 2.0.56~79 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=404c747897a61734c848498201f59d4dfb9e5843;p=thirdparty%2Fapache%2Fhttpd.git merge r161958 from trunk: Fix issue where mod_ssl does not pick up the ssl-unclean-shutdown setting when configured e.g. as a reverse proxy: * modules/ssl/ssl_private.h: Remove ssl_hook_Translate. * modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in ssl_hook_Translate. (ssl_hook_Translate): Remove. * modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq hook runs after mod_setenvif.c; don't register translate_name hook. PR: 34452 Submitted by: jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@372036 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 31bd75a089f..c77bec26b4b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.0.56 + *) mod_ssl: Correct issue where mod_ssl does not pick up the + ssl-unclean-shutdown setting when configured. PR 34452. [Joe Orton] + *) Document the ReceiveBufferSize change done in r157583 [Murray Nesbitt ] diff --git a/STATUS b/STATUS index e5be6818812..44f7cbd9750 100644 --- a/STATUS +++ b/STATUS @@ -133,15 +133,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: http://svn.apache.org/viewcvs?view=rev&rev=154319 +1: stoddard, striker, wrowe (as corrected in subsequent patches) - *) mod_ssl: Fix issues picking up ssl-unclean-shutdown setting - for e.g. a reverse proxy config, breaking interop with MSIE - in some cases. - http://svn.apache.org/viewcvs?view=rev&rev=161958 - rediffed for 2.0.x as: - http://issues.apache.org/bugzilla/attachment.cgi?id=14804 - PR: 34452 - +1: jorton, trawick, jim - *) Block mod_cgid usage on Solaris 10 due to OS bugs. PR 34264. http://svn.apache.org/viewcvs?view=rev&rev=264866 +1: jerenkrantz, colm, jim diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 567067b1020..4415f9cefe7 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -391,6 +391,10 @@ static apr_port_t ssl_hook_default_port(const request_rec *r) static void ssl_register_hooks(apr_pool_t *p) { + /* ssl_hook_ReadReq needs to use the BrowserMatch settings so must + * run after mod_setenvif's post_read_request hook. */ + static const char *pre_prr[] = { "mod_setenvif.c", NULL }; + ssl_io_filter_register(p); ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE); @@ -399,12 +403,11 @@ static void ssl_register_hooks(apr_pool_t *p) ap_hook_default_port (ssl_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_pre_config (ssl_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_child_init (ssl_init_Child, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_translate_name(ssl_hook_Translate, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_check_user_id (ssl_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST); ap_hook_fixups (ssl_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE); ssl_var_register(); diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h index 0db1e28bf89..2d97884d44b 100644 --- a/modules/ssl/mod_ssl.h +++ b/modules/ssl/mod_ssl.h @@ -570,7 +570,6 @@ void ssl_init_Child(apr_pool_t *, server_rec *); apr_status_t ssl_init_ModuleKill(void *data); /* Apache API hooks */ -int ssl_hook_Translate(request_rec *); int ssl_hook_Auth(request_rec *); int ssl_hook_UserCheck(request_rec *); int ssl_hook_Access(request_rec *); diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 5086e916307..4f04d464fec 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -30,6 +30,8 @@ -- Unknown */ #include "mod_ssl.h" +static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); + /* * Post Read Request Handler */ @@ -81,8 +83,31 @@ int ssl_hook_ReadReq(request_rec *r) * Get the SSL connection structure and perform the * delayed interlinking from SSL back to request_rec */ - if ((ssl = sslconn->ssl)) { - SSL_set_app_data2(ssl, r); + ssl = sslconn->ssl; + if (!ssl) { + return DECLINED; + } + SSL_set_app_data2(ssl, r); + + /* + * Log information about incoming HTTPS requests + */ + if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) { + ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, + "%s HTTPS request received for child %ld (server %s)", + (r->connection->keepalives <= 0 ? + "Initial (No.1)" : + apr_psprintf(r->pool, "Subsequent (No.%d)", + r->connection->keepalives+1)), + r->connection->id, + ssl_util_vhostid(r->pool, r->server)); + } + + /* SetEnvIf ssl-*-shutdown flags can only be per-server, + * so they won't change across keepalive requests + */ + if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) { + ssl_configure_env(r, sslconn); } return DECLINED; @@ -125,41 +150,6 @@ static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn) } } -/* - * URL Translation Handler - */ -int ssl_hook_Translate(request_rec *r) -{ - SSLConnRec *sslconn = myConnConfig(r->connection); - - if (!(sslconn && sslconn->ssl)) { - return DECLINED; - } - - /* - * Log information about incoming HTTPS requests - */ - if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, - "%s HTTPS request received for child %ld (server %s)", - (r->connection->keepalives <= 0 ? - "Initial (No.1)" : - apr_psprintf(r->pool, "Subsequent (No.%d)", - r->connection->keepalives+1)), - r->connection->id, - ssl_util_vhostid(r->pool, r->server)); - } - - /* SetEnvIf ssl-*-shutdown flags can only be per-server, - * so they won't change across keepalive requests - */ - if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) { - ssl_configure_env(r, sslconn); - } - - return DECLINED; -} - /* * Access Handler */