Commit eb4286a7 authored by William A. Rowe Jr

mod_proxy_http: Use the same hostname for SNI as for the HTTP request when forwarding to SSL backends.

PR: 53134
Backports: r1333969
Submitted by: Michael Weiser <michael weiser.dinsnail.net>, rpluem
Reviewed by: covener, wrowe, rjung



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1497470 13f79535-47bb-0310-9956-ffa450edef68
parent b200f289
+4 −0
@@ -20,6 +20,10 @@ Changes with Apache 2.2.25
  *) mod_ssl/proxy: enable the SNI extension for backend TLS connections
     [Kaspar Brand]

  *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
     forwarding to SSL backends. PR 53134.
     [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]

  *) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
     in the error log to debug level.  [William Rowe]

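Review bot: The added CHANGES entry reads "Use the the same hostname" (duplicated "the"), and it is filed under "mod_proxy:" while the commit message and the STATUS entry for this change name "mod_proxy_http:". Suggest fixing the typo and using the same module name in all three places so the entry can be matched to the change.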
+0 −8
@@ -96,14 +96,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
  [ start all new proposals below, under PATCHES PROPOSED. ]
  
   * mod_proxy_http: Use the same hostname for SNI as for the HTTP request when
     forwarding to SSL backends.
     PR: 53134
     Based on a patch from: Michael Weiser <michael weiser.dinsnail.net>
     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1333969
     2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1356881
     2.2.x patch: http://people.apache.org/~rjung/patches/mod_proxy_http-fix-hostname-ssl-2_2.patch
     +1: covener, wrowe, rjung (w/r1175416 above applied first)

PATCHES PROPOSED TO BACKPORT FROM TRUNK:
  [ New proposals should be added at the end of the list ]
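Review bot: The removed STATUS entry records its votes as "+1: covener, wrowe, rjung (w/r1175416 above applied first)", but the commit message lists only "Backports: r1333969". Please confirm that r1175416 is already on the 2.2.x branch, and consider saying in the log that the 2.2.x change came from the separate "2.2.x patch" listed in that entry rather than from a straight merge of the trunk revision.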
+15 −1
@@ -2023,8 +2023,22 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker,
         * so.
         */
        if (is_ssl) {
            const char *ssl_hostname;

            /*
             * In the case of ProxyPreserveHost on use the hostname of
             * the request if present otherwise use the one from the
             * backend request URI.
             */
            if ((conf->preserve_host != 0) && (r->hostname != NULL)) {
                ssl_hostname = r->hostname;
            }
            else {
                ssl_hostname = uri->hostname;
            }

            apr_table_set(backend->connection->notes, "proxy-request-hostname",
                          uri->hostname);
                          ssl_hostname);
        }
    }
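Review bot: In the `if ((conf->preserve_host != 0) && (r->hostname != NULL))` branch, `ssl_hostname` is taken from `r->hostname`, which is the host named in the client's request, so with ProxyPreserveHost on the SNI name offered to the backend is now client-influenced instead of fixed by the configured backend URI. That should be stated in the comment and in the ProxyPreserveHost documentation, and whatever reads the "proxy-request-hostname" note should treat the value as untrusted input (an IP literal or an over-long name, for example). Because the note is stored on `backend->connection->notes` while `r->hostname` can differ from request to request, please also confirm this block runs only when a fresh backend connection is being set up and not on a reused one. Minor: the comment would read more clearly as "If ProxyPreserveHost is on, use the hostname of the request if present; otherwise use the one from the backend request URI."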