Created attachment 26337 [details] mod_ssl -> mod_proxy note via conn_rec In the event an SSL handshake from the httpd proxy to a backend fails, mod_proxy is not aware until it attempts to pass the request. To duplicate, simply stand up an openssl s_server like so: /usr/local/openssl/bin/openssl s_server -cert /root/certs/ssl.crt -key /root/certs/ssl.key -www -accept 8001 -Verify 1 /usr/local/openssl/bin/openssl s_server -cert /root/certs/ssl.crt -key /root/certs/ssl.key -www -accept 8002 And set up a balancer like so: <Proxy balancer://mycluster> BalancerMember https://127.0.0.1:8001 BalancerMember https://127.0.0.1:8002 </Proxy> ProxyPass /test/ balancer://mycluster/ You will find that all requests to /test will attempt to connect, but fail on the first member. Worse yet, since no request ever gets through, the balancer never considers the next member for usage. The attached patch utilizes a note on the conn_rec for mod_proxy_httpd to recognize that a failure has occurred. If a failure has been found, it's too late for that request, but the worker used is put in error state. I am investigating as to whether or not this is needed for 2.3.
Created attachment 26338 [details] Final
Created attachment 26339 [details] Final trunk patch
Patch to do the same on httpd-trunk is attached now.
Created attachment 26341 [details] Added mod_proxy_http SSL error message
Created attachment 26342 [details] Added mod_proxy_http SSL error message (trunk)
Created attachment 26343 [details] Added mod_proxy_http SSL error message (2.2.x) Obsoleted the wrong patch...
Created attachment 26344 [details] Added mod_proxy_http SSL error message (trunk) Uploaded the wrong patch
Created attachment 26345 [details] 2.2.x patch - using HTTP_INTERNAL_SERVER_ERROR
Created attachment 26346 [details] trunk patch - using HTTP_INTERNAL_SERVER_ERROR
Committed as r1039304.
Created attachment 26374 [details] 2.2.x patch - using HTTP_INTERNAL_SERVER_ERROR Removed STATUS proposal from this patch - submitting to DEV list separately.
Created attachment 26450 [details] Updated patch for 2.2.x based on r1039304 and r1053584.
Backported to 2.2.x as r1069773.