*) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is (3805ede7) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		-- coding: utf-8 --
		Changes with Apache 2.5.1

		*) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
		in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.
		Fixed. [Michael Kaufmann]

		*) mod_http2: new configuration directive: ```H2Padding numbits``` to control
		padding of HTTP/2 payload frames. 'numbits' is a number from 0-8,
		controlling the range of padding bytes added to a frame. The actual number

+14 −10

Original line number	Diff line number	Diff line
		@@ -129,9 +129,11 @@ h2_headers h2_headers_rcreate(request_rec r, int status,
		{
		h2_headers *headers = h2_headers_create(status, header, r->notes, 0, pool);
		if (headers->status == HTTP_FORBIDDEN) {
		const char *cause = apr_table_get(r->notes, "ssl-renegotiate-forbidden");
		request_rec *r_prev;
		for (r_prev = r; r_prev != NULL; r_prev = r_prev->prev) {
		const char *cause = apr_table_get(r_prev->notes, "ssl-renegotiate-forbidden");
		if (cause) {
		/* This request triggered a TLS renegotiation that is now allowed
		/* This request triggered a TLS renegotiation that is not allowed
		* in HTTP/2. Tell the client that it should use HTTP/1.1 for this.
		*/
		ap_log_rerror(APLOG_MARK, APLOG_DEBUG, headers->status, r,
		@@ -139,6 +141,8 @@ h2_headers h2_headers_rcreate(request_rec r, int status,
		"h2_headers(%ld): renegotiate forbidden, cause: %s",
		(long)r->connection->id, cause);
		headers->status = H2_ERR_HTTP_1_1_REQUIRED;
		break;
		}
		}
		}
		if (is_unsafe(r->server)) {