From 6f8ed54a98a45124589d38378676b348af3bd44c Mon Sep 17 00:00:00 2001
From: Dominik Stillhard
Date: Wed, 24 Oct 2018 10:43:32 +0200
Subject: [PATCH] SNI extention healthchecks
---
 modules/http2/mod_proxy_http2.c | 21 ++++++---------------
 modules/proxy/mod_proxy_hcheck.c | 1 +
 modules/proxy/mod_proxy_http.c | 18 ++++--------------
 modules/proxy/proxy_util.c | 7 +++++++
 4 files changed, 18 insertions(+), 29 deletions(-)
diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
index a7e0dcd..a017d39 100644
--- a/modules/http2/mod_proxy_http2.c
+++ b/modules/http2/mod_proxy_http2.c
@@ -590,21 +590,12 @@ run_connect:
 goto reconnect;
 }
- if (!ctx->p_conn->data) {
- /* New conection: set a note on the connection what CN is
- * requested and what protocol we want */
- if (ctx->p_conn->ssl_hostname) {
- ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, ctx->owner,
- "set SNI to %s for (%s)",
- ctx->p_conn->ssl_hostname,
- ctx->p_conn->hostname);
- apr_table_setn(ctx->p_conn->connection->notes,
- "proxy-request-hostname", ctx->p_conn->ssl_hostname);
- }
- if (ctx->is_ssl) {
- apr_table_setn(ctx->p_conn->connection->notes,
- "proxy-request-alpn-protos", "h2");
- }
+ if (!ctx->p_conn->data && ctx->is_ssl) {
+ /* New SSL connection: set a note on the connection about what
+ * protocol we want.
+ */
+ apr_table_setn(ctx->p_conn->connection->notes,
+ "proxy-request-alpn-protos", "h2");
 }
 }
diff --git a/modules/proxy/mod_proxy_hcheck.c b/modules/proxy/mod_proxy_hcheck.c
index 053a272..4871517 100644
--- a/modules/proxy/mod_proxy_hcheck.c
+++ b/modules/proxy/mod_proxy_hcheck.c
@@ -617,6 +617,7 @@ static int hc_get_backend(const char *proxy_function, proxy_conn_rec **backend,
 return !OK;
 }
 (*backend)->is_ssl = 1;
+ (*backend)->ssl_hostname = hc->s->hostname_ex;
 }
 }
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 56af9a8..34ad0d7 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
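Review bot: The TRACE1 message `set SNI to %s for (%s)` disappears with the removed block in mod_proxy_http2.c and nothing in the patch replaces it, so no log line records which name was handed to mod_ssl for a backend connection. Because the note is now written in proxy_connection_create (the proxy_util.c hunk), the trace belongs next to it, for example `ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, conn->connection, "%s: set SNI to %s for (%s)", proxy_function, conn->ssl_hostname, conn->hostname);`. That line is what an operator would look for when a backend handshake or certificate-name check fails. The enclosing function starts and ends outside this hunk.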
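Review bot: In hc_get_backend, `ssl_hostname` is pointed directly at `hc->s->hostname_ex`, and the proxy_util.c hunk then stores that same pointer in the connection notes with `apr_table_setn`, which does not copy the value. If the worker record behind `hc->s` can be rewritten while a health-check connection is alive (not visible here, to be confirmed), the name used for SNI and for the certificate-name check would change under the connection. A copy avoids that: `(*backend)->ssl_hostname = apr_pstrdup(pool, hc->s->hostname_ex);`, with `pool` being one that outlives the backend connection. A short comment should also say that health checks present the worker's configured hostname, which may differ from the name request traffic sends, so a passing check does not by itself prove the request path verifies. The function body continues outside the hunk.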
@@ -1972,20 +1972,10 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker,
 }
 /* Step Three: Create conn_rec */
- if (!backend->connection) {
- if ((status = ap_proxy_connection_create_ex(proxy_function,
- backend, r)) != OK)
- break;
- /*
- * On SSL connections set a note on the connection what CN is
- * requested, such that mod_ssl can check if it is requested to do
- * so.
- */
- if (backend->ssl_hostname) {
- apr_table_setn(backend->connection->notes,
- "proxy-request-hostname",
- backend->ssl_hostname);
- }
+ if (!backend->connection &&
+ (status = ap_proxy_connection_create_ex(proxy_function,
+ backend, r)) != OK) {
+ break;
 }
 /* Step Four: Send the Request
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 6501c68..c0a1f71 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -3203,6 +3203,13 @@ static int proxy_connection_create(const char *proxy_function,
 backend_addr, conn->hostname);
 return HTTP_INTERNAL_SERVER_ERROR;
 }
+ if (conn->ssl_hostname) {
+ /* Set a note on the connection about what CN is requested,
+ * such that mod_ssl can check if it is requested to do so.
+ */
+ apr_table_setn(conn->connection->notes, "proxy-request-hostname",
+ conn->ssl_hostname);
+ }
 }
 else {
 /* TODO: See if this will break FTP */
--
2.7.4
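Review bot: In proxy_connection_create, `if (conn->ssl_hostname)` rejects only NULL, so an empty string would still be written as the `proxy-request-hostname` note. With the health-check hunk assigning `hc->s->hostname_ex` directly, the pointer is presumably never NULL on that path. Guard with `if (conn->ssl_hostname && *conn->ssl_hostname) {` so an unset name cannot become the expected certificate name. The comment should also state that the note is now set for every connection created through this function, not only by the HTTP and HTTP/2 handlers. The function body starts and ends outside the hunk.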