www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-05 16:55:50 +03:00
Code Activity

http, mod_ssl: Introduce and return the 421 (Misdirected Request) status code

Browse Source 
for clients requesting a hostname on a reused connection whose SNI (from the
TLS handshake) does not match.
PR 5802.

This allows HTTP/2 clients to fall back to a new connection as per:
https://tools.ietf.org/html/rfc7540#section-9.1.2

Proposed by: Stefan Eissing <stefan eissing.org>
Reviewed by: ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1685069 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Yann Ylavic
2015-06-12 11:33:22 +00:00
parent 488f6e0459
commit 33d6aaf455
3 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/httpd.h
View File

@@ -519,6 +519,7 @@ AP_DECLARE(const char *) ap_get_server_built(void);
#define HTTP_RANGE_NOT_SATISFIABLE 416 #define HTTP_RANGE_NOT_SATISFIABLE 416
#define HTTP_EXPECTATION_FAILED 417 #define HTTP_EXPECTATION_FAILED 417
#define HTTP_IM_A_TEAPOT 418 #define HTTP_IM_A_TEAPOT 418
#define HTTP_MISDIRECTED_REQUEST 421
#define HTTP_UNPROCESSABLE_ENTITY 422 #define HTTP_UNPROCESSABLE_ENTITY 422
#define HTTP_LOCKED 423 #define HTTP_LOCKED 423
#define HTTP_FAILED_DEPENDENCY 424 #define HTTP_FAILED_DEPENDENCY 424

7
modules/http/http_protocol.c
View File

@@ -135,7 +135,7 @@ static const char * const status_lines[RESPONSE_CODES] =
"418 I'm A Teapot", "418 I'm A Teapot",
NULL, /* 419 */ NULL, /* 419 */
NULL, /* 420 */ NULL, /* 420 */
NULL, /* 421 */ "421 Misdirected Request",
"422 Unprocessable Entity", "422 Unprocessable Entity",
"423 Locked", "423 Locked",
"424 Failed Dependency", "424 Failed Dependency",
@@ -1308,6 +1308,11 @@ static const char *get_canned_error_string(int status,
case HTTP_IM_A_TEAPOT: case HTTP_IM_A_TEAPOT:
return("<p>The resulting entity body MAY be short and\n" return("<p>The resulting entity body MAY be short and\n"
"stout.</p>\n"); "stout.</p>\n");
case HTTP_MISDIRECTED_REQUEST:
return("<p>The client needs a new connection for this\n"
"request as the requested host name does not match\n"
"the Server Name Indication (SNI) in use for this\n"
"connection.</p>\n");
default: /* HTTP_INTERNAL_SERVER_ERROR */ default: /* HTTP_INTERNAL_SERVER_ERROR */
/* /*
* This comparison to expose error-notes could be modified to * This comparison to expose error-notes could be modified to

3
modules/ssl/ssl_engine_kernel.c
View File

@@ -204,6 +204,9 @@ int ssl_hook_ReadReq(request_rec *r)
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02032) ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02032)
"Hostname %s provided via SNI and hostname %s provided" "Hostname %s provided via SNI and hostname %s provided"
" via HTTP are different", servername, host); " via HTTP are different", servername, host);
if (r->connection->keepalives > 0) {
return HTTP_MISDIRECTED_REQUEST;
}
return HTTP_BAD_REQUEST; return HTTP_BAD_REQUEST;
} }
} }