Commit 77516ebf authored by Yann Ylavic's avatar Yann Ylavic

Merge r1859371, r1859422 from trunk:

mod_proxy/ssl: Proxy SSL client certificate
configuration and other proxy SSL configurations
broken inside <Proxy> context.
PR 63430
Triggered by r1855646+r1855748.
Patch from rpluem (proxy) and ylavic (ssl).


Follow up to r1859371: extend to other ap_proxy_connection_create[_ex]() users.

This function now handles SSL reuse as well as the "proxy-request-hostname"
note (SNI), so let's also call it unconditionally in all proxy modules.

On the mod_ssl side, since this note has the lifetime of the connection, don't
reset/unset it during handshake (ssl_io_filter_handshake).


Submitted by: rjung, ylavic
Reviewed by: rjung, rpluem, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1859845 13f79535-47bb-0310-9956-ffa450edef68
parent 8a2940bb
+4 −0
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.4.40

  *) mod_proxy/ssl: Proxy SSL client certificate configuration and other proxy
     SSL configurations broken inside <Proxy> context.  PR 63430.
     [Ruediger Pluem, Yann Ylavic]

  *) mod_proxy: allow SSLProxyCheckPeer* usage for all proxy modules.
     PR 61857.  [Markus Gausling <markusgausling googlemail.com>, Yann Ylavic]

+16 −18
@@ -387,7 +387,6 @@ run_connect:
    }
    
    /* Step Three: Create conn_rec for the socket we have open now. */
    if (!ctx->p_conn->connection) {
    status = ap_proxy_connection_create_ex(ctx->proxy_func, ctx->p_conn, ctx->r);
    if (status != OK) {
        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, ctx->owner, APLOGNO(03353)
@@ -405,7 +404,6 @@ run_connect:
        apr_table_setn(ctx->p_conn->connection->notes,
                       "proxy-request-alpn-protos", "h2");
    }
    }

    if (ctx->master->aborted) goto cleanup;
    status = ctx_run(ctx);
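Review bot: The comment `/* Step Three: Create conn_rec for the socket we have open now. */` no longer matches the code beneath it, because with the `if (!ctx->p_conn->connection)` guard gone the call to ap_proxy_connection_create_ex() also runs when a connection already exists. Per the commit message the function now handles SSL reuse and the "proxy-request-hostname" (SNI) note, and that reason belongs next to the call so nobody restores the guard as an optimisation and silently skips the per-request SSL setup on reused connections. I would reword it to `/* Step Three: Create the conn_rec if needed; always called so SSL reuse and the SNI note are set up for this request. */`. The same applies to `/* Step Three: Create conn_rec */` in the proxy_http_handler section, and the calls in the proxy_ftp_handler and hc_check_http sections carry no comment at all. Both hunks here cut through the code under run_connect, which starts and ends outside the view.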
+4 −6
@@ -1180,13 +1180,11 @@ static int proxy_ftp_handler(request_rec *r, proxy_worker *worker,
        return HTTP_SERVICE_UNAVAILABLE;
    }

    if (!backend->connection) {
    status = ap_proxy_connection_create_ex("FTP", backend, r);
    if (status != OK) {
        proxy_ftp_cleanup(r, backend);
        return status;
    }
    }

    /* Use old naming */
    origin = backend->connection;
+2 −4
@@ -762,11 +762,9 @@ static apr_status_t hc_check_http(baton_t *baton)
    }

    r = create_request_rec(ptemp, ctx->s, baton->balancer, wctx->method);
    if (!backend->connection) {
    if ((status = ap_proxy_connection_create_ex("HCOH", backend, r)) != OK) {
        return backend_cleanup("HCOH", backend, ctx->s, status);
    }
    }
    set_request_connection(r, backend->connection);

    bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
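Review bot: The `r` passed to ap_proxy_connection_create_ex("HCOH", backend, r) is the synthetic request built by create_request_rec() just above, and the call site does not say what configuration that request carries. With the guard removed, the call now runs on every check, including when backend->connection already exists. If the function derives the proxy SSL settings from the request, as the <Proxy>-context fix in the commit message suggests but this hunk does not show, then the peer checks and client certificate used for health checks depend entirely on that synthetic request. A short comment would make this auditable, for example `/* r is synthetic: proxy SSL settings for the check come from the config create_request_rec() attaches to it */`. hc_check_http continues outside the hunk on both sides.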
+3 −5
@@ -1972,11 +1972,9 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker,
        }

        /* Step Three: Create conn_rec */
        if (!backend->connection) {
        if ((status = ap_proxy_connection_create_ex(proxy_function,
                                                    backend, r)) != OK)
            break;
        }

        /* Step Four: Send the Request
         * On the off-chance that we forced a 100-Continue as a