From: Rainer Jung <rjung@apache.org>
Date: Fri, 20 Feb 2015 07:27:44 +0000 (+0000)
Subject: mod_proxy_ajp: Forward SSL_PROTOCOL. Forthcoming
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a72fcd75c29f3d2e729af8f3ea86577d0a0343d6;p=thirdparty%2Fapache%2Fhttpd.git

mod_proxy_ajp: Forward SSL_PROTOCOL. Forthcoming
versions of Tomcat know how to extract the information
and provide it as a request attribute.

Compatibility is not broken, because we forward it
as a named request attribute, not with a new byte
encoded name.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1661067 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h
index d2d681d662c..1b60cfc1e9e 100644
--- a/modules/proxy/ajp.h
+++ b/modules/proxy/ajp.h
@@ -60,6 +60,7 @@
 
 /* The following environment variables match mod_ssl! */
 #define AJP13_HTTPS_INDICATOR           "HTTPS"
+#define AJP13_SSL_PROTOCOL_INDICATOR    "SSL_PROTOCOL"
 #define AJP13_SSL_CLIENT_CERT_INDICATOR "SSL_CLIENT_CERT"
 #define AJP13_SSL_CIPHER_INDICATOR      "SSL_CIPHER"
 #define AJP13_SSL_SESSION_INDICATOR     "SSL_SESSION_ID"
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
index 8f9a2fcd3de..edb9d23cac9 100644
--- a/modules/proxy/ajp_header.c
+++ b/modules/proxy/ajp_header.c
@@ -415,6 +415,26 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
             return AJP_EOVERFLOW;
         }
     }
+    /* Forward the SSL protocol name.
+     * Modern Tomcat versions know how to retrieve
+     * the protocol name from this attribute.
+     */
+    if (is_ssl) {
+        if ((envvar = ap_proxy_ssl_val(r->pool, r->server, r->connection, r,
+                                       AJP13_SSL_PROTOCOL_INDICATOR))
+            && envvar[0]) {
+            const char *key = SC_A_SSL_PROTOCOL;
+            if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) ||
+                ajp_msg_append_string(msg, key)   ||
+                ajp_msg_append_string(msg, envvar)) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02830)
+                        "ajp_marshal_into_msgb: "
+                        "Error appending attribute %s=%s",
+                        key, envvar);
+                return AJP_EOVERFLOW;
+            }
+        }
+    }
     /* Forward the remote port information, which was forgotten
      * from the builtin data of the AJP 13 protocol.
      * Since the servlet spec allows to retrieve it via getRemotePort(),
diff --git a/modules/proxy/ajp_header.h b/modules/proxy/ajp_header.h
index 0f5fdaa81ea..4c22ac7c610 100644
--- a/modules/proxy/ajp_header.h
+++ b/modules/proxy/ajp_header.h
@@ -47,6 +47,11 @@
 /*
  * AJP private request attributes
  *
+ * The following request attribute is recognized by Tomcat
+ * to contain the SSL protocol name
+ */
+#define SC_A_SSL_PROTOCOL        ("AJP_SSL_PROTOCOL")
+/*
  * The following request attribute is recognized by Tomcat
  * to contain the forwarded remote port.
  */