ASF Bugzilla – Attachment 26343 Details for
Bug 50332
mod_proxy_http is not aware of SSL handshake failures
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Added mod_proxy_http SSL error message (2.2.x)
httpd-2.2.x.proxyPatch (text/plain), 3.00 KB, created by
Daniel Ruggeri
on 2010-11-25 09:57:47 UTC
(
hide
)
Description:
Added mod_proxy_http SSL error message (2.2.x)
Filename:
MIME Type:
Creator:
Daniel Ruggeri
Created:
2010-11-25 09:57:47 UTC
Size:
3.00 KB
patch
obsolete
>Index: httpd-2.2.x/STATUS >=================================================================== >--- httpd-2.2.x/STATUS (revision 1037345) >+++ httpd-2.2.x/STATUS (working copy) >@@ -184,6 +184,14 @@ > enabling/disabling the basic capability is not split out into mod_unixd 2.2.x. > +1: trawick > >+ * mod_proxy_http: Become aware of ssl handshake failures when attempting >+ to pass request. Makes it so workers are put in error state when a >+ handshake failure is encountered. >+ PR50332 >+ Trunk patch: https://issues.apache.org/bugzilla/attachment.cgi?id=26339 >+ 2.2.x patch: https://issues.apache.org/bugzilla/attachment.cgi?id=26338 >+ druggeri: Need doc update? >+ > PATCHES/ISSUES THAT ARE STALLED > > * core: Support wildcards in both the directory and file components of >Index: httpd-2.2.x/modules/proxy/mod_proxy_http.c >=================================================================== >--- httpd-2.2.x/modules/proxy/mod_proxy_http.c (revision 1037345) >+++ httpd-2.2.x/modules/proxy/mod_proxy_http.c (working copy) >@@ -272,6 +272,12 @@ > "proxy: pass request body failed to %pI (%s)", > conn->addr, conn->hostname); > if (origin->aborted) { >+ if(strcmp(apr_table_get(origin->notes, "SSL_connect_rv"), "err") == 0){ >+ conn->worker->s->status |= PROXY_WORKER_IN_ERROR; >+ conn->worker->s->error_time = apr_time_now(); >+ return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, >+ "Error during SSL Handshake with remote server"); >+ } > return APR_STATUS_IS_TIMEUP(status) ? HTTP_GATEWAY_TIME_OUT : HTTP_BAD_GATEWAY; > } > else { >Index: httpd-2.2.x/modules/ssl/ssl_engine_io.c >=================================================================== >--- httpd-2.2.x/modules/ssl/ssl_engine_io.c (revision 1037345) >+++ httpd-2.2.x/modules/ssl/ssl_engine_io.c (working copy) >@@ -1065,6 +1065,7 @@ > ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server); > /* ensure that the SSL structures etc are freed, etc: */ > ssl_filter_io_shutdown(filter_ctx, c, 1); >+ apr_table_set(c->notes, "SSL_connect_rv", "err"); > return HTTP_BAD_GATEWAY; > } > >@@ -1082,6 +1083,7 @@ > } > /* ensure that the SSL structures etc are freed, etc: */ > ssl_filter_io_shutdown(filter_ctx, c, 1); >+ apr_table_set(c->notes, "SSL_connect_rv", "err"); > return HTTP_BAD_GATEWAY; > } > X509_free(cert); >@@ -1101,10 +1103,12 @@ > hostname, hostname_note); > /* ensure that the SSL structures etc are freed, etc: */ > ssl_filter_io_shutdown(filter_ctx, c, 1); >+ apr_table_set(c->notes, "SSL_connect_rv", "err"); > return HTTP_BAD_GATEWAY; > } > } > >+ apr_table_set(c->notes, "SSL_connect_rv", "ok"); > return APR_SUCCESS; > } >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 50332
:
26337
|
26338
|
26339
|
26341
|
26342
|
26343
|
26344
|
26345
|
26346
|
26374
|
26450