ASF Bugzilla – Attachment 35875 Details for
Bug 61519
"SSLEngine optional" and http:// redirects if traling slash in the url is missing
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
r1829250 against 2.4.33
modssl_request_is_tls.patch (text/plain), 3.73 KB, created by
Yann Ylavic
on 2018-04-16 10:53:10 UTC
(
hide
)
Description:
r1829250 against 2.4.33
Filename:
MIME Type:
Creator:
Yann Ylavic
Created:
2018-04-16 10:53:10 UTC
Size:
3.73 KB
patch
obsolete
>Index: modules/ssl/mod_ssl.c >=================================================================== >--- modules/ssl/mod_ssl.c (revision 1829250) >+++ modules/ssl/mod_ssl.c (working copy) >@@ -618,24 +618,12 @@ int ssl_init_ssl_connection(conn_rec *c, request_r > > static const char *ssl_hook_http_scheme(const request_rec *r) > { >- SSLSrvConfigRec *sc = mySrvConfig(r->server); >- >- if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) { >- return NULL; >- } >- >- return "https"; >+ return modssl_request_is_tls(r, NULL) ? "https" : NULL; > } > > static apr_port_t ssl_hook_default_port(const request_rec *r) > { >- SSLSrvConfigRec *sc = mySrvConfig(r->server); >- >- if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) { >- return 0; >- } >- >- return 443; >+ return modssl_request_is_tls(r, NULL) ? 443 : 0; > } > > static int ssl_hook_pre_connection(conn_rec *c, void *csd) >Index: modules/ssl/ssl_engine_kernel.c >=================================================================== >--- modules/ssl/ssl_engine_kernel.c (revision 1829250) >+++ modules/ssl/ssl_engine_kernel.c (working copy) >@@ -1336,8 +1336,6 @@ static const char *const ssl_hook_Fixup_vars[] = { > > int ssl_hook_Fixup(request_rec *r) > { >- SSLConnRec *sslconn = myConnConfig(r->connection); >- SSLSrvConfigRec *sc = mySrvConfig(r->server); > SSLDirConfigRec *dc = myDirConfig(r); > apr_table_t *env = r->subprocess_env; > char *var, *val = ""; >@@ -1348,14 +1346,7 @@ int ssl_hook_Fixup(request_rec *r) > SSL *ssl; > int i; > >- if (!(sslconn && sslconn->ssl) && r->connection->master) { >- sslconn = myConnConfig(r->connection->master); >- } >- >- /* >- * Check to see if SSL is on >- */ >- if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) { >+ if (!modssl_request_is_tls(r, &ssl)) { > return DECLINED; > } > >Index: modules/ssl/ssl_private.h >=================================================================== >--- modules/ssl/ssl_private.h (revision 1829250) >+++ modules/ssl/ssl_private.h (working copy) >@@ -1075,6 +1075,11 @@ void ssl_init_ocsp_certificates(server_rec *s, mod > * memory. */ > DH *modssl_get_dh_params(unsigned keylen); > >+/* Returns non-zero if the request is using SSL/TLS. If ssl is >+ * non-NULL and the request is using SSL/TLS, sets *ssl to the >+ * corresponding SSL structure for the connectbion. */ >+int modssl_request_is_tls(const request_rec *r, SSL **ssl); >+ > int ssl_is_challenge(conn_rec *c, const char *servername, > X509 **pcert, EVP_PKEY **pkey); > >Index: modules/ssl/ssl_util.c >=================================================================== >--- modules/ssl/ssl_util.c (revision 1829250) >+++ modules/ssl/ssl_util.c (working copy) >@@ -106,6 +106,23 @@ BOOL ssl_util_vhost_matches(const char *servername > return FALSE; > } > >+int modssl_request_is_tls(const request_rec *r, SSL **ssl) >+{ >+ SSLConnRec *sslconn = myConnConfig(r->connection); >+ SSLSrvConfigRec *sc = mySrvConfig(r->server); >+ >+ if (!(sslconn && sslconn->ssl) && r->connection->master) { >+ sslconn = myConnConfig(r->connection->master); >+ } >+ >+ if (sc->enabled == SSL_ENABLED_FALSE || !sslconn || !sslconn->ssl) >+ return 0; >+ >+ if (ssl) *ssl = sslconn->ssl; >+ >+ return 1; >+} >+ > apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd, > const char * const *argv) > { >Index: . >=================================================================== >--- . (revision 1829250) >+++ . (working copy) > >Property changes on: . >___________________________________________________________________ >Modified: svn:mergeinfo >## -0,0 +0,1 ## > Merged /httpd/httpd/trunk:r1829250
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=35875">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 61519
: 35875