Commit 4aff0cdd authored by Joe Orton's avatar Joe Orton
Browse files

Fix issue where mod_ssl does not pick up the ssl-unclean-shutdown 

setting when configured e.g. as a reverse proxy:

* modules/ssl/ssl_private.h: Remove ssl_hook_Translate.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in
ssl_hook_Translate.  (ssl_hook_Translate): Remove.

* modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq
hook runs after mod_setenvif.c; don't register translate_name hook.

PR: 34452


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@161958 13f79535-47bb-0310-9956-ffa450edef68
parent 6c2a57fc

mod_ssl.c

+5 −2
Original line number Diff line number Diff line
@@ -478,6 +478,10 @@ static void ssl_hook_Insert_Filter(request_rec *r) 


static void ssl_register_hooks(apr_pool_t *p)

{

    /* ssl_hook_ReadReq needs to use the BrowserMatch settings so must

     * run after mod_setenvif's post_read_request hook. */ 

    static const char *pre_prr[] = { "mod_setenvif.c", NULL };



    ssl_io_filter_register(p);



    ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
@@ -487,12 +491,11 @@ static void ssl_register_hooks(apr_pool_t *p) 
    ap_hook_default_port  (ssl_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);

    ap_hook_pre_config    (ssl_hook_pre_config,    NULL,NULL, APR_HOOK_MIDDLE);

    ap_hook_child_init    (ssl_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);

    ap_hook_translate_name(ssl_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);

    ap_hook_check_user_id (ssl_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST);

    ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);

    ap_hook_access_checker(ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);

    ap_hook_auth_checker  (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);

    ap_hook_post_read_request(ssl_hook_ReadReq,    NULL,NULL, APR_HOOK_MIDDLE);

    ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);

    ap_hook_insert_filter (ssl_hook_Insert_Filter, NULL,NULL, APR_HOOK_MIDDLE);

/*    ap_hook_handler       (ssl_hook_Upgrade,       NULL,NULL, APR_HOOK_MIDDLE); */

ssl_engine_kernel.c

+27 −37
Original line number Diff line number Diff line
@@ -30,6 +30,8 @@ 
                                            -- Unknown                */

#include "ssl_private.h"



static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);



/*

 *  Post Read Request Handler

 */
@@ -81,8 +83,31 @@ int ssl_hook_ReadReq(request_rec *r) 
     * Get the SSL connection structure and perform the

     * delayed interlinking from SSL back to request_rec

     */

    if ((ssl = sslconn->ssl)) {

    ssl = sslconn->ssl;

    if (!ssl) {

        return DECLINED;

    }

    SSL_set_app_data2(ssl, r);



    /*

     * Log information about incoming HTTPS requests

     */

    if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {

        ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,

                     "%s HTTPS request received for child %ld (server %s)",

                     (r->connection->keepalives <= 0 ?

                     "Initial (No.1)" :

                     apr_psprintf(r->pool, "Subsequent (No.%d)",

                                  r->connection->keepalives+1)),

                     r->connection->id,

                     ssl_util_vhostid(r->pool, r->server));

    }



    /* SetEnvIf ssl-*-shutdown flags can only be per-server,

     * so they won't change across keepalive requests

     */

    if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {

        ssl_configure_env(r, sslconn);

    }



    return DECLINED;
@@ -125,41 +150,6 @@ static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn) 
    }

}



/*

 *  URL Translation Handler

 */

int ssl_hook_Translate(request_rec *r)

{

    SSLConnRec *sslconn = myConnConfig(r->connection);



    if (!(sslconn && sslconn->ssl)) {

        return DECLINED;

    }



    /*

     * Log information about incoming HTTPS requests

     */

    if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {

        ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,

                     "%s HTTPS request received for child %ld (server %s)",

                     (r->connection->keepalives <= 0 ?

                     "Initial (No.1)" :

                     apr_psprintf(r->pool, "Subsequent (No.%d)",

                                  r->connection->keepalives+1)),

                     r->connection->id,

                     ssl_util_vhostid(r->pool, r->server));

    }



    /* SetEnvIf ssl-*-shutdown flags can only be per-server,

     * so they won't change across keepalive requests

     */

    if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {

        ssl_configure_env(r, sslconn);

    }



    return DECLINED;

}



/*

 *  Access Handler

 */

ssl_private.h

+0 −1
Original line number Diff line number Diff line
@@ -531,7 +531,6 @@ void ssl_init_Child(apr_pool_t *, server_rec *); 
apr_status_t ssl_init_ModuleKill(void *data);



/*  Apache API hooks  */

int          ssl_hook_Translate(request_rec *);

int          ssl_hook_Auth(request_rec *);

int          ssl_hook_UserCheck(request_rec *);

int          ssl_hook_Access(request_rec *);