From: Ruediger Pluem
Date: Fri, 26 Nov 2010 10:33:19 +0000 (+0000)
Subject: * Put a note in the connection notes that the SSL handshake to the backend
X-Git-Tag: 2.3.10~190
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5daa6b7a7db05e0987b80a24ba4b5d1b8354c336;p=thirdparty%2Fapache%2Fhttpd.git
* Put a note in the connection notes that the SSL handshake to the backend failed such that mod_proxy can put the worker in error state.
PR: 50332
Submitted by: Daniel Ruggeri
Reviewed by: rpluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1039304 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index 7c0dc7ba05b..3e6d875abfc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,7 +1,11 @@
- -*- coding: utf-8 -*-
+ -*- coding: utf-8 -*-
 Changes with Apache 2.3.10
+ *) mod_proxy: Put the worker in error state if the SSL handshake with the
+ backend fails. PR 50332.
+ [Daniel Ruggeri , Ruediger Pluem]
+
 *) mod_cache_disk: Fix Windows build which was broken after renaming the module. [Gregg L. Smith]
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 57381247488..61d59252ac6 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -1468,6 +1468,12 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
 return ap_proxyerror(r, HTTP_SERVICE_UNAVAILABLE, "Timeout on 100-Continue");
 }
 }
+ else if (strcmp(apr_table_get(backend->connection->notes,
+ "SSL_connect_rv"), "err") == 0) {
+ return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
+ "Error during SSL Handshake with"
+ " remote server");
+ }
 /*
 * If we are a reverse proxy request shutdown the connection
 * WITHOUT ANY response to trigger a retry by the client
diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index e64fd3bc56b..da64c059538 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
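Review bot: In modules/proxy/mod_proxy_http.c the added `else if` hands the result of `apr_table_get(backend->connection->notes, "SSL_connect_rv")` straight to `strcmp`, and `apr_table_get` returns NULL when the key is absent, so the comparison is undefined behaviour whenever the note was never set. As far as the ssl_engine_io.c hunks in this commit show, the note is written only inside ssl_io_filter_handshake, so a plain-HTTP backend connection (or any path that never ran that handshake) would presumably reach this branch without it and crash the child process, which an unresponsive or misbehaving backend could trigger repeatedly. Fetch the value once and test it before comparing: `const char *rv = apr_table_get(backend->connection->notes, "SSL_connect_rv");` followed by `else if (rv && strcmp(rv, "err") == 0) {`. The enclosing function and the `if` this branch attaches to start outside the hunk, so where the declaration goes has to be checked against the full block.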
@@ -1091,6 +1091,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
 ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
 /* ensure that the SSL structures etc are freed, etc: */
 ssl_filter_io_shutdown(filter_ctx, c, 1);
+ apr_table_set(c->notes, "SSL_connect_rv", "err");
 return MODSSL_ERROR_BAD_GATEWAY;
 }
@@ -1108,6 +1109,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
 }
 /* ensure that the SSL structures etc are freed, etc: */
 ssl_filter_io_shutdown(filter_ctx, c, 1);
+ apr_table_set(c->notes, "SSL_connect_rv", "err");
 return HTTP_BAD_GATEWAY;
 }
 X509_free(cert);
@@ -1127,10 +1129,12 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
 hostname, hostname_note);
 /* ensure that the SSL structures etc are freed, etc: */
 ssl_filter_io_shutdown(filter_ctx, c, 1);
+ apr_table_set(c->notes, "SSL_connect_rv", "err");
 return HTTP_BAD_GATEWAY;
 }
 }
+ apr_table_set(c->notes, "SSL_connect_rv", "ok");
 return APR_SUCCESS;
 }
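Review bot: The note key `"SSL_connect_rv"` and its values `"err"`/`"ok"` are bare string literals repeated in all four added `apr_table_set` calls across these three hunks and compared again in mod_proxy_http.c, with nothing recording that they form a contract between the two modules. A short comment at the first call, for example `/* read by mod_proxy_http to report the failed backend handshake */`, or a shared macro for the key, would keep a typo on either side from silently disabling the check. Return paths of ssl_io_filter_handshake that lie outside these hunks are not visible here; if any of them leaves the note unset, the reader of the note has to tolerate a missing key. The function body begins before the first hunk.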