mod_proxy: Play/restore the TLS-SNI on new backend connections which

had to be issued because the remote closed the previous/reusable one during idle (keep-alive) time. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1729826 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2016-02-11 13:46:39 +00:00
parent dc83621bcd
commit 78b7a65fe2
2 changed files with 12 additions and 2 deletions
--- a/4
+++ b/4
@@ -1,6 +1,10 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.5.0

+  *) mod_proxy: Play/restore the TLS-SNI on new backend connections which
+     had to be issued because the remote closed the previous/reusable one
+     during idle (keep-alive) time.  [Yann Ylavic]
+
  *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
     urls. Uses, so far, one connection per request, reuses connections.
  
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -2717,12 +2717,18 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,

    if (conn->sock) {
        if (!(connected = ap_proxy_is_socket_connected(conn->sock))) {
-            /* FIXME: this loses conn->ssl_hostname and it will not be
-             * restablished before the SSL connection is made -> no SNI! */
+            /* This clears conn->scpool (and associated data), so backup and
+             * restore any ssl_hostname for this connection set earlier by
+             * ap_proxy_determine_connection().
+             */
+            const char *ssl_hostname = conn->ssl_hostname;
+
            socket_cleanup(conn);
            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00951)
                         "%s: backend socket is disconnected.",
                         proxy_function);
+
+            conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname);
        }
    }
    while ((backend_addr || conn->uds_path) && !connected) {