Commit 8a2940bb authored by Yann Ylavic's avatar Yann Ylavic
Browse files

Merge r1818726 from trunk: 

mod_proxy: allow SSLProxyCheckPeer* usage for all proxy modules.

PR 61857.

Proposed by: Markus Gausling <markusgausling googlemail.com>
Reviewed by: ylavic, rjung, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1859844 13f79535-47bb-0310-9956-ffa450edef68
parent b73b7cec

CHANGES

+3 −0
Original line number Diff line number Diff line 
                                                         -*- coding: utf-8 -*-

Changes with Apache 2.4.40



  *) mod_proxy: allow SSLProxyCheckPeer* usage for all proxy modules.

     PR 61857.  [Markus Gausling <markusgausling googlemail.com>, Yann Ylavic]



  *) mod_reqtimeout: Fix default rates missing (not applied) in 2.4.39.

     PR 63325. [Yann Ylavic]

modules/http2/mod_proxy_http2.c

+0 −8
Original line number Diff line number Diff line
@@ -404,14 +404,6 @@ run_connect: 
             */

            apr_table_setn(ctx->p_conn->connection->notes,

                           "proxy-request-alpn-protos", "h2");

            if (ctx->p_conn->ssl_hostname) {

                ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctx->owner, 

                              "set SNI to %s for (%s)", 

                              ctx->p_conn->ssl_hostname, 

                              ctx->p_conn->hostname);

                apr_table_setn(ctx->p_conn->connection->notes,

                               "proxy-request-hostname", ctx->p_conn->ssl_hostname);

            }

        }

    }

modules/proxy/mod_proxy_http.c

+0 −10
Original line number Diff line number Diff line
@@ -1976,16 +1976,6 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker, 
            if ((status = ap_proxy_connection_create_ex(proxy_function,

                                                        backend, r)) != OK)

                break;

            /*

             * On SSL connections set a note on the connection what CN is

             * requested, such that mod_ssl can check if it is requested to do

             * so.

             */

            if (backend->ssl_hostname) {

                apr_table_setn(backend->connection->notes,

                               "proxy-request-hostname",

                               backend->ssl_hostname);

            }

        }



        /* Step Four: Send the Request

modules/proxy/proxy_util.c

+7 −0
Original line number Diff line number Diff line
@@ -3220,6 +3220,13 @@ static int proxy_connection_create(const char *proxy_function, 
                         backend_addr, conn->hostname);

            return HTTP_INTERNAL_SERVER_ERROR;

        }

        if (conn->ssl_hostname) {

            /* Set a note on the connection about what CN is requested,

             * such that mod_ssl can check if it is requested to do so.

             */

            apr_table_setn(conn->connection->notes, "proxy-request-hostname",

                           conn->ssl_hostname);

        }

    }

    else {

        /* TODO: See if this will break FTP */