From b83273006040db93e412f3f81497ecb4051872d8 Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Tue, 19 Aug 2025 12:12:41 +0000 Subject: [PATCH] Remove condition which is always false If sslconn->non_ssl_request is set to either NON_SSL_SEND_REQLINE or NON_SSL_SEND_HDR_SEP we cannot close the connection here. We handle NON_SSL_SEND_REQLINE and NON_SSL_SEND_HDR_SEP later again in the input filter and in ssl_hook_ReadReq to return an appropriate error message to the client. PR: 69773 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1927880 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/mod_ssl.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 93a46f2506..e48efb1a47 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -709,14 +709,23 @@ static int ssl_hook_process_connection(conn_rec* c) AP_MODE_INIT, APR_BLOCK_READ, 0); apr_brigade_destroy(temp); - if (APR_SUCCESS != APR_SUCCESS) { - if (c->cs) { - c->cs->state = CONN_STATE_LINGER; + if (rv != APR_SUCCESS) { + /* + * We handle NON_SSL_SEND_REQLINE and NON_SSL_SEND_HDR_SEP + * later again in the input filter and in ssl_hook_ReadReq + * to return an appropriate error message to the client. + * Hence do not close the connection here. + */ + if ((sslconn->non_ssl_request != NON_SSL_SEND_REQLINE) && + (sslconn->non_ssl_request != NON_SSL_SEND_HDR_SEP)) { + if (c->cs) { + c->cs->state = CONN_STATE_LINGER; + } + ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(10373) + "SSL handshake was not completed, " + "closing connection"); + return OK; } - ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(10373) - "SSL handshake was not completed, " - "closing connection"); - return OK; } } -- 2.47.3