Attachment 28658 Details for Bug 53134 – use Host header for SNI data if ProxyPreserveHost is on

[patch] use Host header for SNI data if ProxyPreserveHost is on

httpd-trunk-20120422-reverse_proxy_sni.patch (text/plain), 2.30 KB, created by Michael Weiser on 2012-04-23 14:33:21 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Michael Weiser

Created: 2012-04-23 14:33:21 UTC

Size: 2.30 KB

patch

obsolete

>Index: modules/proxy/mod_proxy_http.c
>===================================================================
>--- modules/proxy/mod_proxy_http.c	(revision 1328893)
>+++ modules/proxy/mod_proxy_http.c	(working copy)
>@@ -2234,11 +2234,43 @@
>             /*
>              * On SSL connections set a note on the connection what CN is
>              * requested, such that mod_ssl can check if it is requested to do
>-             * so.
>+             * so. This note will also be used for providing SNI information to
>+             * the server. Since it will complain if Host header and SNI data
>+             * do not match, we also check, if preservation of Host header is
>+             * configured and if so, derive the hostname we use for CN check
>+             * and SNI note from it.
>              */
>             if (is_ssl) {
>+                const proxy_dir_conf* dconf;
>+
>+                /* use hostname from request URI by default */
>+                const char* ssl_hostname = uri->hostname;
>+
>+                dconf = ap_get_module_config(r->per_dir_config, &proxy_module);
>+                if (dconf->preserve_host != 0) {
>+                    const char *host = apr_table_get(r->headers_in, "Host");
>+
>+                    /* if there is no Host header in the incoming request,
>+                     * leave ssl_hostname set to hostname from request URI */
>+                    if (host) {
>+                        apr_uri_t *info = apr_palloc(p, sizeof(*info));
>+
>+                        /* Host header might contain a port which at least the
>+                         * CN check does not like */
>+                        if (apr_uri_parse_hostinfo(p, host, info) != APR_SUCCESS) {
>+                            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
>+                                "HTTP: error parsing Host header (%s) to preserve "
>+                                "for SSL CN check/SNI", host);
>+                            status = HTTP_SERVICE_UNAVAILABLE;
>+                            break;
>+                        }
>+
>+                        ssl_hostname = info->hostname;
>+                    }
>+                }
>+
>                 apr_table_set(backend->connection->notes, "proxy-request-hostname",
>-                              uri->hostname);
>+                              ssl_hostname);
>             }
>         }
>

Actions: View | Diff

Attachments on bug 53134: 28658 | 28697