Fix issue where mod_ssl does not pick up the ssl-unclean-shutdown

setting when configured e.g. as a reverse proxy:

* modules/ssl/ssl_private.h: Remove ssl_hook_Translate.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in
ssl_hook_Translate.  (ssl_hook_Translate): Remove.

* modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq
hook runs after mod_setenvif.c; don't register translate_name hook.

PR: 34452


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@161958 13f79535-47bb-0310-9956-ffa450edef68

3 files changed, 32 insertions, 40 deletions

diff --git a/mod_ssl.c b/mod_ssl.c
index 8e0512367a..146f7e7a66 100644
--- a/mod_ssl.c
+++ b/mod_ssl.c
@@ -478,6 +478,10 @@ static void ssl_hook_Insert_Filter(request_rec *r)
 
 static void ssl_register_hooks(apr_pool_t *p)
 {
+    /* ssl_hook_ReadReq needs to use the BrowserMatch settings so must
+     * run after mod_setenvif's post_read_request hook. */ 
+    static const char *pre_prr[] = { "mod_setenvif.c", NULL };
+
     ssl_io_filter_register(p);
 
     ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
@@ -487,12 +491,11 @@ static void ssl_register_hooks(apr_pool_t *p)
     ap_hook_default_port  (ssl_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_pre_config    (ssl_hook_pre_config,    NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_child_init    (ssl_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_translate_name(ssl_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_check_user_id (ssl_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST);
     ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_access_checker(ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_auth_checker  (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_post_read_request(ssl_hook_ReadReq,    NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
     ap_hook_insert_filter (ssl_hook_Insert_Filter, NULL,NULL, APR_HOOK_MIDDLE);
 /*    ap_hook_handler       (ssl_hook_Upgrade,       NULL,NULL, APR_HOOK_MIDDLE); */
 
diff --git a/ssl_engine_kernel.c b/ssl_engine_kernel.c
index 009ad76a7e..e2756dcfd0 100644
--- a/ssl_engine_kernel.c
+++ b/ssl_engine_kernel.c
@@ -30,6 +30,8 @@
                                             -- Unknown                */
 #include "ssl_private.h"
 
+static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
+
 /*
  *  Post Read Request Handler
  */
@@ -81,8 +83,31 @@ int ssl_hook_ReadReq(request_rec *r)
      * Get the SSL connection structure and perform the
      * delayed interlinking from SSL back to request_rec
      */
-    if ((ssl = sslconn->ssl)) {
-        SSL_set_app_data2(ssl, r);
+    ssl = sslconn->ssl;
+    if (!ssl) {
+        return DECLINED;
+    }
+    SSL_set_app_data2(ssl, r);
+
+    /*
+     * Log information about incoming HTTPS requests
+     */
+    if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
+        ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+                     "%s HTTPS request received for child %ld (server %s)",
+                     (r->connection->keepalives <= 0 ?
+                     "Initial (No.1)" :
+                     apr_psprintf(r->pool, "Subsequent (No.%d)",
+                                  r->connection->keepalives+1)),
+                     r->connection->id,
+                     ssl_util_vhostid(r->pool, r->server));
+    }
+
+    /* SetEnvIf ssl-*-shutdown flags can only be per-server,
+     * so they won't change across keepalive requests
+     */
+    if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
+        ssl_configure_env(r, sslconn);
     }
 
     return DECLINED;
@@ -126,41 +151,6 @@ static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn)
 }
 
 /*
- *  URL Translation Handler
- */
-int ssl_hook_Translate(request_rec *r)
-{
-    SSLConnRec *sslconn = myConnConfig(r->connection);
-
-    if (!(sslconn && sslconn->ssl)) {
-        return DECLINED;
-    }
-
-    /*
-     * Log information about incoming HTTPS requests
-     */
-    if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
-        ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
-                     "%s HTTPS request received for child %ld (server %s)",
-                     (r->connection->keepalives <= 0 ?
-                     "Initial (No.1)" :
-                     apr_psprintf(r->pool, "Subsequent (No.%d)",
-                                  r->connection->keepalives+1)),
-                     r->connection->id,
-                     ssl_util_vhostid(r->pool, r->server));
-    }
-
-    /* SetEnvIf ssl-*-shutdown flags can only be per-server,
-     * so they won't change across keepalive requests
-     */
-    if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
-        ssl_configure_env(r, sslconn);
-    }
-
-    return DECLINED;
-}
-
-/*
  *  Access Handler
  */
 int ssl_hook_Access(request_rec *r)
diff --git a/ssl_private.h b/ssl_private.h
index 38fde07807..71db2d1fd5 100644
--- a/ssl_private.h
+++ b/ssl_private.h
@@ -531,7 +531,6 @@ void         ssl_init_Child(apr_pool_t *, server_rec *);
 apr_status_t ssl_init_ModuleKill(void *data);
 
 /*  Apache API hooks  */
-int          ssl_hook_Translate(request_rec *);
 int          ssl_hook_Auth(request_rec *);
 int          ssl_hook_UserCheck(request_rec *);
 int          ssl_hook_Access(request_rec *);