From: Yann Ylavic
Date: Sat, 7 Jan 2017 12:57:16 +0000 (+0000)
Subject: Merge r1729826, r1729847, r1732986, r1733056 from trunk:
X-Git-Tag: 2.2.32~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9751154db263b4e382ca162e20d21d29321e1e87;p=thirdparty%2Fapache%2Fhttpd.git
Merge r1729826, r1729847, r1732986, r1733056 from trunk: mod_proxy: Play/restore the TLS-SNI on new backend connections which had to be issued because the remote closed the previous/reusable one during idle (keep-alive) time. mod_proxy: follow up to r1729826: really copy conn->ssl_hostname. mod_proxy: follow up to r1729826 + r1729847. Adjust stacked ssl_hostname maximum size. mod_proxy: follow up to r1729826 + r1729847 + r1732986. Don't use magic constants.
Submitted by: ylavic
Reviewed by: ylavic, wrowe, covener, orlikowski
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1777778 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index b719a25239c..fb4a949f414 100644
--- a/CHANGES
+++ b/CHANGES
@@ -51,6 +51,10 @@ Changes with Apache 2.2.32
 *) mod_proxy: Correctly consider error response codes by the backend when processing failonstatus. PR 59869 [Ruediger Pluem]
+ *) mod_proxy: Play/restore the TLS-SNI on new backend connections which
+ had to be issued because the remote closed the previous/reusable one
+ during idle (keep-alive) time. [Yann Ylavic]
+ *) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params. [Jan Kaluza, Yann Ylavic]
diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
index 0c5ff3700ca..5745b3dcf62 100644
--- a/modules/proxy/mod_proxy.h
+++ b/modules/proxy/mod_proxy.h
@@ -294,6 +294,11 @@ PROXY_WORKER_DISABLED | PROXY_WORKER_STOPPED | PROXY_WORKER_IN_ERROR )
 #define PROXY_WORKER_DEFAULT_RETRY 60
 #define PROXY_WORKER_MAX_ROUTE_SIZ 63
+/* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names,
+ * dotted together(?) this would fit the below size (+ trailing NUL).
+ */
+#define PROXY_WORKER_RFC1035_NAME_SIZE 512
+ /* Scoreboard */
 #if MODULE_MAGIC_NUMBER_MAJOR > 20020903
 #define PROXY_HAS_SCOREBOARD 1
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 985a60974d9..34c411eaba5 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -2522,10 +2522,27 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,
 if (conn->sock) { if (!(connected = is_socket_connected(conn->sock))) {
+ /* This clears conn->scpool (and associated data), so backup and
+ * restore any ssl_hostname for this connection set earlier by
+ * ap_proxy_determine_connection().
+ */
+ char ssl_hostname[PROXY_WORKER_RFC1035_NAME_SIZE];
+ if (!conn->ssl_hostname ||
+ conn->ssl_hostname[apr_cpystrn(ssl_hostname,
+ conn->ssl_hostname,
+ sizeof ssl_hostname) -
+ ssl_hostname]) {
+ ssl_hostname[0] = '\0';
+ }
+ socket_cleanup(conn); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "proxy: %s: backend socket is disconnected.", proxy_function);
+ if (ssl_hostname[0]) {
+ conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname);
+ }
 } } while (backend_addr && !connected) {
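Review bot: The comment above `PROXY_WORKER_RFC1035_NAME_SIZE` leaves its own derivation as a guess ("dotted together(?)"), so a reader cannot tell whether 512 is a protocol limit or simply a generous buffer bound. RFC 1035 section 2.3.4 limits a full name to 255 octets, so the value sits well above any valid name, and the comment could say exactly that: `/* Upper bound for a stacked copy of a host name; RFC 1035 limits names to 255 octets, so 512 (incl. trailing NUL) is deliberately generous. */`. It would also help to state there that the user of this size in proxy_util.c discards a longer name instead of truncating it, since that is the behaviour the constant actually controls.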
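Review bot: When the truncation check fires (the byte of `conn->ssl_hostname` at the copied length returned via `apr_cpystrn()` is not NUL), the stacked copy is emptied and the reconnect goes ahead without restoring `conn->ssl_hostname`, so the replacement backend connection can present a different SNI than the one it replaces and nothing is logged. That case deserves a message in the style of the existing one, e.g. `ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, "proxy: %s: SNI hostname too long, not restored", proxy_function);`, placed next to `ssl_hostname[0] = '\0';` and only for the too-long branch, not the NULL one. socket_cleanup() is not shown here: if it does not reset the field itself, the not-restored path leaves `conn->ssl_hostname` pointing into the pool that was just cleared, and an explicit `conn->ssl_hostname = NULL;` right after the call would rule that out. The enclosing function starts and ends outside the hunk, so how the field is consumed afterwards cannot be confirmed from these lines.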