authorStefan Eissing <icing@apache.org>2015-11-19 16:06:32 +0000
committerStefan Eissing <icing@apache.org>2015-11-19 16:06:32 +0000
commit7228bf6236c38452d77efe1ea460ea783ff6055a (patch)
treeab6c7fa668c4a1d9ade2ee450d932312071558ab
parentca04f6867dab2c831da80bf09a67594e8da1e47c (diff)
downloadhttpd-2.4.17-protocols-changes.tar.gz
merged r1715023 as proposed by ylavic2.4.17-protocols-changes
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-changes@1715202 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--modules/ssl/ssl_engine_io.c31
-rw-r--r--modules/ssl/ssl_private.h1
2 files changed, 25 insertions, 7 deletions
diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index 44ed8dad56..424f4e5ef5 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -863,7 +863,8 @@ static void ssl_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f)
static apr_status_t ssl_io_filter_error(ap_filter_t *f,
apr_bucket_brigade *bb,
- apr_status_t status)
+ apr_status_t status,
+ int is_init)
{
SSLConnRec *sslconn = myConnConfig(f->c);
apr_bucket *bucket;
@@ -877,8 +878,13 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f,
"trying to send HTML error page");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, sslconn->server);
- sslconn->non_ssl_request = NON_SSL_SEND_HDR_SEP;
ssl_io_filter_disable(sslconn, f);
+ f->c->keepalive = AP_CONN_CLOSE;
+ if (is_init) {
+ sslconn->non_ssl_request = NON_SSL_SEND_REQLINE;
+ return APR_EGENERAL;
+ }
+ sslconn->non_ssl_request = NON_SSL_SEND_HDR_SEP;
/* fake the request line */
bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
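Review bot: The new `if (is_init)` early return in ssl_io_filter_error has no comment explaining why this path sets `NON_SSL_SEND_REQLINE` and fails with `APR_EGENERAL` instead of queuing the fake request line as the non-init path does. The error page then appears to depend on a later read through ssl_io_filter_input, which is not obvious from this function alone. I would add `/* init read: defer the fake request line to the next input read and report the failure now */` above the branch. I would also add a short note on `f->c->keepalive = AP_CONN_CLOSE;` saying the connection must not be reused once the SSL filter is disabled, if that is the intent. The `is_init` parameter added to the signature is undocumented and two call sites pass a bare `0`, so a one-line description at the definition would help; the function body starts and ends outside this hunk.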
@@ -1332,11 +1338,22 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
}
if (!inctx->ssl) {
+ apr_bucket *bucket;
SSLConnRec *sslconn = myConnConfig(f->c);
+ if (sslconn->non_ssl_request == NON_SSL_SEND_REQLINE) {
+ bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb, bucket);
+ if (mode != AP_MODE_SPECULATIVE) {
+ sslconn->non_ssl_request = NON_SSL_SEND_HDR_SEP;
+ }
+ return APR_SUCCESS;
+ }
if (sslconn->non_ssl_request == NON_SSL_SEND_HDR_SEP) {
- apr_bucket *bucket = apr_bucket_immortal_create(CRLF, 2, f->c->bucket_alloc);
+ bucket = apr_bucket_immortal_create(CRLF, 2, f->c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, bucket);
- sslconn->non_ssl_request = NON_SSL_SET_ERROR_MSG;
+ if (mode != AP_MODE_SPECULATIVE) {
+ sslconn->non_ssl_request = NON_SSL_SET_ERROR_MSG;
+ }
return APR_SUCCESS;
}
return ap_get_brigade(f->next, bb, mode, block, readbytes);
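Review bot: In the `!inctx->ssl` block only `AP_MODE_SPECULATIVE` is exempt from advancing `non_ssl_request`, and both branches append their bucket and return `APR_SUCCESS` without looking at `block` or `readbytes`. Any other mode that reaches this point with the state armed, possibly `AP_MODE_INIT` or `AP_MODE_EATCRLF`, would therefore consume a step of the fake request; whether that can happen depends on callers outside the hunk. At minimum the guard deserves a comment at its first use, e.g. `/* speculative reads are peeks: hand out the bucket but keep the state so the real read sees it again */`. If non-consuming modes can get here, the condition should list the consuming modes explicitly rather than excluding one. ssl_io_filter_input begins and continues outside this hunk.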
@@ -1357,7 +1374,7 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
* rather than have SSLEngine On configured.
*/
if ((status = ssl_io_filter_handshake(inctx->filter_ctx)) != APR_SUCCESS) {
- return ssl_io_filter_error(f, bb, status);
+ return ssl_io_filter_error(f, bb, status, is_init);
}
if (is_init) {
@@ -1411,7 +1428,7 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
/* Handle custom errors. */
if (status != APR_SUCCESS) {
- return ssl_io_filter_error(f, bb, status);
+ return ssl_io_filter_error(f, bb, status, 0);
}
/* Create a transient bucket out of the decrypted data. */
@@ -1597,7 +1614,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
inctx->block = APR_BLOCK_READ;
if ((status = ssl_io_filter_handshake(filter_ctx)) != APR_SUCCESS) {
- return ssl_io_filter_error(f, bb, status);
+ return ssl_io_filter_error(f, bb, status, 0);
}
while (!APR_BRIGADE_EMPTY(bb) && status == APR_SUCCESS) {
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 111f6a7d4d..a70208aa41 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -442,6 +442,7 @@ typedef struct {
int disabled;
enum {
NON_SSL_OK = 0, /* is SSL request, or error handling completed */
+ NON_SSL_SEND_REQLINE, /* Need to send the fake request line */
NON_SSL_SEND_HDR_SEP, /* Need to send the header separator */
NON_SSL_SET_ERROR_MSG /* Need to set the error message */
} non_ssl_request;
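Review bot: The enum's comments describe each state but not the order in which they are traversed, which the new `NON_SSL_SEND_REQLINE` constant makes more important. The ssl_engine_io.c hunks move REQLINE to HDR_SEP to SET_ERROR_MSG, and REQLINE is entered only from the `is_init` path. I would extend the new constant's comment to something like `/* Need to send the fake request line (set when the handshake fails during the init read; next state is NON_SSL_SEND_HDR_SEP) */`. Inserting it mid-enum also renumbers the two constants after it, which is harmless only if nothing outside mod_ssl's own translation units depends on their numeric values; that looks likely for a private header but is worth confirming.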