Attachment 26343 Details for Bug 50332 – Added mod_proxy_http SSL error message (2.2.x)

[patch] Added mod_proxy_http SSL error message (2.2.x)

httpd-2.2.x.proxyPatch (text/plain), 3.00 KB, created by Daniel Ruggeri on 2010-11-25 09:57:47 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Daniel Ruggeri

Created: 2010-11-25 09:57:47 UTC

Size: 3.00 KB

patch

obsolete

>Index: httpd-2.2.x/STATUS
>===================================================================
>--- httpd-2.2.x/STATUS	(revision 1037345)
>+++ httpd-2.2.x/STATUS	(working copy)
>@@ -184,6 +184,14 @@
>      enabling/disabling the basic capability is not split out into mod_unixd 2.2.x.
>      +1: trawick
> 
>+   * mod_proxy_http: Become aware of ssl handshake failures when attempting
>+     to pass request. Makes it so workers are put in error state when a
>+     handshake failure is encountered.
>+     PR50332
>+     Trunk patch: https://issues.apache.org/bugzilla/attachment.cgi?id=26339
>+     2.2.x patch: https://issues.apache.org/bugzilla/attachment.cgi?id=26338
>+     druggeri: Need doc update?
>+
> PATCHES/ISSUES THAT ARE STALLED
> 
>   * core: Support wildcards in both the directory and file components of
>Index: httpd-2.2.x/modules/proxy/mod_proxy_http.c
>===================================================================
>--- httpd-2.2.x/modules/proxy/mod_proxy_http.c	(revision 1037345)
>+++ httpd-2.2.x/modules/proxy/mod_proxy_http.c	(working copy)
>@@ -272,6 +272,12 @@
>                      "proxy: pass request body failed to %pI (%s)",
>                      conn->addr, conn->hostname);
>         if (origin->aborted) { 
>+            if(strcmp(apr_table_get(origin->notes, "SSL_connect_rv"), "err") == 0){
>+                conn->worker->s->status |= PROXY_WORKER_IN_ERROR;
>+                conn->worker->s->error_time = apr_time_now();
>+                return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
>+                                     "Error during SSL Handshake with remote server");
>+            }
>             return APR_STATUS_IS_TIMEUP(status) ? HTTP_GATEWAY_TIME_OUT : HTTP_BAD_GATEWAY;
>         }
>         else { 
>Index: httpd-2.2.x/modules/ssl/ssl_engine_io.c
>===================================================================
>--- httpd-2.2.x/modules/ssl/ssl_engine_io.c	(revision 1037345)
>+++ httpd-2.2.x/modules/ssl/ssl_engine_io.c	(working copy)
>@@ -1065,6 +1065,7 @@
>             ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
>             /* ensure that the SSL structures etc are freed, etc: */
>             ssl_filter_io_shutdown(filter_ctx, c, 1);
>+            apr_table_set(c->notes, "SSL_connect_rv", "err");
>             return HTTP_BAD_GATEWAY;
>         }
> 
>@@ -1082,6 +1083,7 @@
>                 }
>                 /* ensure that the SSL structures etc are freed, etc: */
>                 ssl_filter_io_shutdown(filter_ctx, c, 1);
>+                apr_table_set(c->notes, "SSL_connect_rv", "err");
>                 return HTTP_BAD_GATEWAY;
>             }
>             X509_free(cert);
>@@ -1101,10 +1103,12 @@
>                               hostname, hostname_note);
>                 /* ensure that the SSL structures etc are freed, etc: */
>                 ssl_filter_io_shutdown(filter_ctx, c, 1);
>+                apr_table_set(c->notes, "SSL_connect_rv", "err");
>                 return HTTP_BAD_GATEWAY;
>             }
>         }
> 
>+        apr_table_set(c->notes, "SSL_connect_rv", "ok");
>         return APR_SUCCESS;
>     }
>

Actions: View | Diff

Attachments on bug 50332: 26337 | 26338 | 26339 | 26341 | 26342 | 26343 | 26344 | 26345 | 26346 | 26374 | 26450