ASF Bugzilla – Attachment 28658 Details for
Bug 53134
SNI with Host header preservation through reverse proxy
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
use Host header for SNI data if ProxyPreserveHost is on
httpd-trunk-20120422-reverse_proxy_sni.patch (text/plain), 2.30 KB, created by
Michael Weiser
on 2012-04-23 14:33:21 UTC
(
hide
)
Description:
use Host header for SNI data if ProxyPreserveHost is on
Filename:
MIME Type:
Creator:
Michael Weiser
Created:
2012-04-23 14:33:21 UTC
Size:
2.30 KB
patch
obsolete
>Index: modules/proxy/mod_proxy_http.c >=================================================================== >--- modules/proxy/mod_proxy_http.c (revision 1328893) >+++ modules/proxy/mod_proxy_http.c (working copy) >@@ -2234,11 +2234,43 @@ > /* > * On SSL connections set a note on the connection what CN is > * requested, such that mod_ssl can check if it is requested to do >- * so. >+ * so. This note will also be used for providing SNI information to >+ * the server. Since it will complain if Host header and SNI data >+ * do not match, we also check, if preservation of Host header is >+ * configured and if so, derive the hostname we use for CN check >+ * and SNI note from it. > */ > if (is_ssl) { >+ const proxy_dir_conf* dconf; >+ >+ /* use hostname from request URI by default */ >+ const char* ssl_hostname = uri->hostname; >+ >+ dconf = ap_get_module_config(r->per_dir_config, &proxy_module); >+ if (dconf->preserve_host != 0) { >+ const char *host = apr_table_get(r->headers_in, "Host"); >+ >+ /* if there is no Host header in the incoming request, >+ * leave ssl_hostname set to hostname from request URI */ >+ if (host) { >+ apr_uri_t *info = apr_palloc(p, sizeof(*info)); >+ >+ /* Host header might contain a port which at least the >+ * CN check does not like */ >+ if (apr_uri_parse_hostinfo(p, host, info) != APR_SUCCESS) { >+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO() >+ "HTTP: error parsing Host header (%s) to preserve " >+ "for SSL CN check/SNI", host); >+ status = HTTP_SERVICE_UNAVAILABLE; >+ break; >+ } >+ >+ ssl_hostname = info->hostname; >+ } >+ } >+ > apr_table_set(backend->connection->notes, "proxy-request-hostname", >- uri->hostname); >+ ssl_hostname); > } > } >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 53134
: 28658 |
28697