www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Perform SNI checks only on the initial request. In particular,

Browse Source 
if these checks detect a problem, the checks shouldn't return an
error again when processing an ErrorDocument redirect for the
original problem.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609914 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jeff Trawick
2014-07-12 13:26:42 +00:00
parent c37d4591a6
commit fe07b16cc2
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,6 +1,9 @@
-*- coding: utf-8 -*- -*- coding: utf-8 -*-
Changes with Apache 2.5.0 Changes with Apache 2.5.0
*) mod_ssl: Fix issue with redirects to error documents when handling
SNI errors. [Jeff Trawick]
*) mod_authnz_ldap: Return LDAP connections to the pool before the handler *) mod_authnz_ldap: Return LDAP connections to the pool before the handler
is run, instead of waiting until the end of the request. [Eric Covener] is run, instead of waiting until the end of the request. [Eric Covener]

8
modules/ssl/ssl_engine_kernel.c
View File

@@ -164,7 +164,13 @@ int ssl_hook_ReadReq(request_rec *r)
return DECLINED; return DECLINED;
} }
#ifdef HAVE_TLSEXT #ifdef HAVE_TLSEXT
if (r->proxyreq != PROXYREQ_PROXY) { /*
* Perform SNI checks only on the initial request. In particular,
* if these checks detect a problem, the checks shouldn't return an
* error again when processing an ErrorDocument redirect for the
* original problem.
*/
if (r->proxyreq != PROXYREQ_PROXY && ap_is_initial_req(r)) {
if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) { if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
char *host, *scope_id; char *host, *scope_id;
apr_port_t port; apr_port_t port;