From: Jeff Trawick <trawick@apache.org>
Date: Sat, 12 Jul 2014 14:48:04 +0000 (+0000)
Subject: Set an error note for requests rejected due to SSLStrictSNIVHostCheck.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e89195d462daee08ae18bb5368a5f21cb3b36404;p=thirdparty%2Fapache%2Fhttpd.git

Set an error note for requests rejected due to SSLStrictSNIVHostCheck.
This allows custom error documents to include the specific reason
for denying access to the server.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609936 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 9f4c6ecf948..70843df14de 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_ssl: Set an error note for requests rejected due to
+     SSLStrictSNIVHostCheck.  [Jeff Trawick]
+
   *) mod_ssl: Fix issue with redirects to error documents when handling
      SNI errors.  [Jeff Trawick]
 
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index ea1298a5b8f..a14e6afe3e7 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -220,6 +220,10 @@ int ssl_hook_ReadReq(request_rec *r)
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02033)
                          "No hostname was provided via SNI for a name based"
                          " virtual host");
+            apr_table_setn(r->notes, "error-notes",
+                           "Reason: The client software did not provide a "
+                           "hostname using Server Name Indication (SNI), "
+                           "which is required to access this server.<br />\n");
             return HTTP_FORBIDDEN;
         }
     }