From a2c56687f17bdefe258c63b17264d80be2cbd44c Mon Sep 17 00:00:00 2001
From: rcritten <>
Date: Wed, 9 Aug 2006 20:11:45 +0000
Subject: Merge in changes from
 http://svn.apache.org/viewvc?view=rev&revision=290965

Implement a (bounded) buffer of request body data to provide a limited
but safe fix for the mod_nss renegotiation-vs-requests-with-bodies
bug:

* mod_nss.h (nss_io_buffer_fill): Add prototype.

* nss_engine_io.c (nss_io_buffer_fill,
  nss_io_filter_buffer): New functions.

* nss_engine_kernel.c (nss_hook_Access): If a renegotiation is needed,
  and the request has a non-zero content-length, or a t-e header (and
  100-continue was not requested), call nss_io_buffer_fill to set aside
  the request body data if possible, then proceed with the negotiation.

PR: 12355
---
 mod_nss.h | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'mod_nss.h')

diff --git a/mod_nss.h b/mod_nss.h
index 30c74fa..e60281e 100644
--- a/mod_nss.h
+++ b/mod_nss.h
@@ -447,6 +447,10 @@ apr_file_t  *nss_util_ppopen(server_rec *, apr_pool_t *, const char *,
 void         nss_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
 char        *nss_util_readfilter(server_rec *, apr_pool_t *, const char *,
                                  const char * const *);
+/* ssl_io_buffer_fill fills the setaside buffering of the HTTP request
+ * to allow an SSL renegotiation to take place. */
+int          nss_io_buffer_fill(request_rec *r);
+
 int nss_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix);
 
 /* Pass Phrase Handling */
-- 
cgit