Commit 7156a844 authored by Yann Ylavic's avatar Yann Ylavic

Merge r1729826, r1729847, r1732986, r1733056 from trunk:

mod_proxy: Play/restore the TLS-SNI on new backend connections which
had to be issued because the remote closed the previous/reusable one
during idle (keep-alive) time.

mod_proxy: follow up to r1729826: really copy conn->ssl_hostname.

mod_proxy: follow up to r1729826 + r1729847.
Adjust stacked ssl_hostname maximum size.

mod_proxy: follow up to r1729826 + r1729847 + r1732986.
Don't use magic constants.

Submitted by: ylavic
Reviewed by: ylavic, wrowe, covener, orlikowski


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1777778 13f79535-47bb-0310-9956-ffa450edef68
parent 632f3122
+4 −0
@@ -51,6 +51,10 @@ Changes with Apache 2.2.32
  *) mod_proxy: Correctly consider error response codes by the backend when
     processing failonstatus. PR 59869 [Ruediger Pluem]

  *) mod_proxy: Play/restore the TLS-SNI on new backend connections which
     had to be issued because the remote closed the previous/reusable one
     during idle (keep-alive) time.  [Yann Ylavic]

  *) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params.
     [Jan Kaluza, Yann Ylavic]

+5 −0
@@ -294,6 +294,11 @@ PROXY_WORKER_DISABLED | PROXY_WORKER_STOPPED | PROXY_WORKER_IN_ERROR )
#define PROXY_WORKER_DEFAULT_RETRY  60
#define PROXY_WORKER_MAX_ROUTE_SIZ  63

/* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names,
 * dotted together(?) this would fit the below size (+ trailing NUL).
 */
#define PROXY_WORKER_RFC1035_NAME_SIZE  512

/* Scoreboard */
#if MODULE_MAGIC_NUMBER_MAJOR > 20020903
#define PROXY_HAS_SCOREBOARD 1
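Review bot: The comment above `PROXY_WORKER_RFC1035_NAME_SIZE` hedges with "(?)" and never says what the constant is used for, so a reader cannot tell whether 512 is a protocol limit or just headroom. Consider spelling out the arithmetic and the consumer, e.g. `/* 255 + '.' + 253 + NUL = 510, rounded up to 512; bounds the on-stack copy of conn->ssl_hostname in ap_proxy_connect_backend() */`. It would also help to note that a name that does not fit is dropped rather than truncated, since that is what the caller added in this commit does.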
+17 −0
@@ -2522,10 +2522,27 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,

    if (conn->sock) {
        if (!(connected = is_socket_connected(conn->sock))) {
            /* This clears conn->scpool (and associated data), so backup and
             * restore any ssl_hostname for this connection set earlier by
             * ap_proxy_determine_connection().
             */
            char ssl_hostname[PROXY_WORKER_RFC1035_NAME_SIZE];
            if (!conn->ssl_hostname ||
                    conn->ssl_hostname[apr_cpystrn(ssl_hostname,
                                                   conn->ssl_hostname,
                                                   sizeof ssl_hostname) -
                                       ssl_hostname]) {
                ssl_hostname[0] = '\0';
            }

            socket_cleanup(conn);
            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                         "proxy: %s: backend socket is disconnected.",
                         proxy_function);

            if (ssl_hostname[0]) {
                conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname);
            }
        }
    }
    while (backend_addr && !connected) {
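Review bot: The truncation test in the added `if` (indexing `conn->ssl_hostname` by the offset of the pointer `apr_cpystrn()` returns) is hard to read, and when it fires the SNI name is cleared silently, so the reconnect proceeds with no SNI and nothing in the log says why. A short comment such as `/* apr_cpystrn() returns the address of the NUL it wrote; a non-NUL source byte at that offset means the name did not fit */` would make the intent clear, and a debug-level `ap_log_error()` in the too-long case would make a missing SNI diagnosable. `socket_cleanup()` is not visible here, so it is worth confirming that it resets `conn->ssl_hostname` to NULL; otherwise, when `ssl_hostname[0]` is empty, the field would keep pointing into the cleared `conn->scpool`. `ap_proxy_connect_backend()` starts and ends outside this hunk.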