diff options
author | Joe Orton <jorton@apache.org> | 2005-04-19 20:02:09 +0000 |
---|---|---|
committer | Joe Orton <jorton@apache.org> | 2005-04-19 20:02:09 +0000 |
commit | ad3c259ae8ad28fe92c0ea1d4dee51fbf2a76561 (patch) | |
tree | 47549684d78038d9563883e8d9a531c3fda5593c | |
parent | 973778b0d557737752e542df5f47633427be06e0 (diff) | |
download | httpd-ad3c259ae8ad28fe92c0ea1d4dee51fbf2a76561.tar.gz |
Fix issue where mod_ssl does not pick up the ssl-unclean-shutdown
setting when configured e.g. as a reverse proxy:
* modules/ssl/ssl_private.h: Remove ssl_hook_Translate.
* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in
ssl_hook_Translate. (ssl_hook_Translate): Remove.
* modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq
hook runs after mod_setenvif.c; don't register translate_name hook.
PR: 34452
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@161958 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | mod_ssl.c | 7 | ||||
-rw-r--r-- | ssl_engine_kernel.c | 64 | ||||
-rw-r--r-- | ssl_private.h | 1 |
3 files changed, 32 insertions, 40 deletions
@@ -478,6 +478,10 @@ static void ssl_hook_Insert_Filter(request_rec *r) static void ssl_register_hooks(apr_pool_t *p) { + /* ssl_hook_ReadReq needs to use the BrowserMatch settings so must + * run after mod_setenvif's post_read_request hook. */ + static const char *pre_prr[] = { "mod_setenvif.c", NULL }; + ssl_io_filter_register(p); ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE); @@ -487,12 +491,11 @@ static void ssl_register_hooks(apr_pool_t *p) ap_hook_default_port (ssl_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_pre_config (ssl_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_child_init (ssl_init_Child, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_translate_name(ssl_hook_Translate, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_check_user_id (ssl_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST); ap_hook_fixups (ssl_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE); ap_hook_insert_filter (ssl_hook_Insert_Filter, NULL,NULL, APR_HOOK_MIDDLE); /* ap_hook_handler (ssl_hook_Upgrade, NULL,NULL, APR_HOOK_MIDDLE); */ diff --git a/ssl_engine_kernel.c b/ssl_engine_kernel.c index 009ad76a7e..e2756dcfd0 100644 --- a/ssl_engine_kernel.c +++ b/ssl_engine_kernel.c @@ -30,6 +30,8 @@ -- Unknown */ #include "ssl_private.h" +static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); + /* * Post Read Request Handler */ @@ -81,8 +83,31 @@ int ssl_hook_ReadReq(request_rec *r) * Get the SSL connection structure and perform the * delayed interlinking from SSL back to request_rec */ - if ((ssl = sslconn->ssl)) { - SSL_set_app_data2(ssl, r); + ssl = sslconn->ssl; + if (!ssl) { + return DECLINED; + } + SSL_set_app_data2(ssl, r); + + /* + * Log information about incoming HTTPS requests + */ + if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) { + ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, + "%s HTTPS request received for child %ld (server %s)", + (r->connection->keepalives <= 0 ? + "Initial (No.1)" : + apr_psprintf(r->pool, "Subsequent (No.%d)", + r->connection->keepalives+1)), + r->connection->id, + ssl_util_vhostid(r->pool, r->server)); + } + + /* SetEnvIf ssl-*-shutdown flags can only be per-server, + * so they won't change across keepalive requests + */ + if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) { + ssl_configure_env(r, sslconn); } return DECLINED; @@ -126,41 +151,6 @@ static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn) } /* - * URL Translation Handler - */ -int ssl_hook_Translate(request_rec *r) -{ - SSLConnRec *sslconn = myConnConfig(r->connection); - - if (!(sslconn && sslconn->ssl)) { - return DECLINED; - } - - /* - * Log information about incoming HTTPS requests - */ - if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, - "%s HTTPS request received for child %ld (server %s)", - (r->connection->keepalives <= 0 ? - "Initial (No.1)" : - apr_psprintf(r->pool, "Subsequent (No.%d)", - r->connection->keepalives+1)), - r->connection->id, - ssl_util_vhostid(r->pool, r->server)); - } - - /* SetEnvIf ssl-*-shutdown flags can only be per-server, - * so they won't change across keepalive requests - */ - if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) { - ssl_configure_env(r, sslconn); - } - - return DECLINED; -} - -/* * Access Handler */ int ssl_hook_Access(request_rec *r) diff --git a/ssl_private.h b/ssl_private.h index 38fde07807..71db2d1fd5 100644 --- a/ssl_private.h +++ b/ssl_private.h @@ -531,7 +531,6 @@ void ssl_init_Child(apr_pool_t *, server_rec *); apr_status_t ssl_init_ModuleKill(void *data); /* Apache API hooks */ -int ssl_hook_Translate(request_rec *); int ssl_hook_Auth(request_rec *); int ssl_hook_UserCheck(request_rec *); int ssl_hook_Access(request_rec *); |