Commit efc0a47d authored by Rainer Jung's avatar Rainer Jung

mod_proxy/ssl: Proxy SSL client certificate

configuration and other proxy SSL configurations
broken inside <Proxy> context.
PR 63430
Triggered by r1855646+r1855748.
Patch from rpluem (proxy) and ylavic (ssl).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1859371 13f79535-47bb-0310-9956-ffa450edef68
parent 06b6c86b
+4 −0
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.5.1

  *) mod_proxy/ssl: Proxy SSL client certificate configuration and other proxy
     SSL configurations broken inside <Proxy> context.  PR 63430.
     [Ruediger Pluem, Yann Ylavic]

  *) mod_reqtimeout: Fix default rates missing (not applied) in 2.4.39.
     PR 63325. [Yann Ylavic]

+3 −6
@@ -2107,13 +2107,10 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker,
        }

        /* Step Three: Create conn_rec */
        req->origin = backend->connection;
        if (!req->origin) {
        if ((status = ap_proxy_connection_create_ex(proxy_function,
                                                    backend, r)) != OK)
            break;
        req->origin = backend->connection;
        }

        /* Don't recycle the connection if prefetch (above) told not to do so */
        if (toclose) {
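Review bot: The `ap_proxy_connection_create_ex()` call under "Step Three" has no comment saying why it now runs for reused backend connections too, so the dropped `if (!req->origin)` guard looks like an optimisation someone could safely put back. Going by the +3 −6 count and the commit message, that guard is what left proxy SSL settings from a `<Proxy>` block (the client certificate and the other per-directory options) unapplied, presumably because the per-request directory config is rebound inside that call; the callee is not shown on this page, so that should be confirmed. I would extend the existing comment to `/* Step Three: Create conn_rec. Always call this, even for a reused connection, so the per-request proxy SSL config is re-applied. */`. proxy_http_handler starts and ends outside this hunk, and the rendered lines have lost their +/- markers, so the exact new side is inferred.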
+10 −0
@@ -492,10 +492,20 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c,
    SSLConnRec *sslconn = myConnConfig(c);
    int need_setup = 0;

    /* mod_proxy's (r->)per_dir_config has the lifetime of the request, thus
     * it uses ssl_engine_set() to reset sslconn->dc when reusing SSL backend
     * connections, so we must fall through here. But in the case where we are
     * called from ssl_init_ssl_connection() with no per_dir_config (which also
     * includes mod_proxy's later run_pre_connection call), sslconn->dc should
     * be preserved if it's already set.
     */
    if (!sslconn) {
        sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
        need_setup = 1;
    }
    else if (!new_proxy) {
        return sslconn;
    }

    /* Reinit dc in any case because it may be r->per_dir_config scoped
     * and thus a caller like mod_proxy needs to update it per request.
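Review bot: The context comment right after the new `else if (!new_proxy)` return still reads "Reinit dc in any case", which is no longer true: with the early return, an existing sslconn keeps its `dc` unless the caller passes new_proxy. I would reword it along the lines of `/* Reinit dc for a new sslconn or a proxy (re)init, because it may be r->per_dir_config scoped` so the two comments do not contradict each other. Because the added comment says the per_dir_config lives only as long as the request, the preserved `dc` relies on mod_proxy calling ssl_engine_set() before every reuse. That invariant is worth stating here, since a reuse path that skipped the reset would apparently run with a previous request's proxy SSL settings, or with a pointer into a finished request's config. ssl_init_connection_ctx begins above this hunk and continues past its last line.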