update to new version 2.4.18

author: Jan Kaluza <jkaluza@redhat.com> 2015-12-14 09:43:41 +0100
committer: Jan Kaluza <jkaluza@redhat.com> 2015-12-14 09:43:41 +0100
commit: c791d40a6bdaaea3878c0fcde882db9d7d5a8213 (patch)
tree: e7d4859436590e4c71658e69f010e1db7f64fc53 /httpd-2.4.18-sslmultiproxy.patch
parent: 47b967cd91130a4ccf5e04cb7a3cf25c997f082d (diff)
download: httpd-c791d40a6bdaaea3878c0fcde882db9d7d5a8213.tar.gz
httpd-c791d40a6bdaaea3878c0fcde882db9d7d5a8213.tar.xz
httpd-c791d40a6bdaaea3878c0fcde882db9d7d5a8213.zip
1 files changed, 98 insertions, 0 deletions
diff --git a/httpd-2.4.18-sslmultiproxy.patch b/httpd-2.4.18-sslmultiproxy.patch
new file mode 100644
index 0000000..3f00f3f
--- /dev/null
+++ b/httpd-2.4.18-sslmultiproxy.patch
@@ -0,0 +1,98 @@
+diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
+index 717a694..a3ce718 100644
+--- a/modules/ssl/mod_ssl.c
++++ b/modules/ssl/mod_ssl.c
+@@ -395,6 +395,9 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
+     return sslconn;
+ }
+ 
++static typeof(ssl_proxy_enable) *othermod_proxy_enable;
++static typeof(ssl_engine_disable) *othermod_engine_disable;
++
+ int ssl_proxy_enable(conn_rec *c)
+ {
+     SSLSrvConfigRec *sc;
+@@ -403,6 +406,12 @@ int ssl_proxy_enable(conn_rec *c)
+     sc = mySrvConfig(sslconn->server);
+ 
+     if (!sc->proxy_enabled) {
++        if (othermod_proxy_enable) {
++            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
++                          "mod_ssl proxy not configured, passing through to other module.");
++            return othermod_proxy_enable(c);
++        }
++
+         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01961)
+                       "SSL Proxy requested for %s but not enabled "
+                       "[Hint: SSLProxyEngine]", sc->vhost_id);
+@@ -422,6 +431,10 @@ int ssl_engine_disable(conn_rec *c)
+ 
+     SSLConnRec *sslconn = myConnConfig(c);
+ 
++    if (othermod_engine_disable) {
++        othermod_engine_disable(c);
++    }
++
+     if (sslconn) {
+         sc = mySrvConfig(sslconn->server);
+     }
+@@ -621,6 +634,9 @@ static void ssl_register_hooks(apr_pool_t *p)
+     ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
+ 
+     ssl_var_register(p);
++    
++    othermod_proxy_enable = APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable);
++    othermod_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);
+ 
+     APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
+     APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
+diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
+index a6b0d0d..24fd8c7 100644
+--- a/modules/ssl/ssl_engine_vars.c
++++ b/modules/ssl/ssl_engine_vars.c
+@@ -54,6 +54,8 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, SSLConnRec *sslconn, char
+ static void  ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
+ static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
+ static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl);
++static APR_OPTIONAL_FN_TYPE(ssl_is_https) *othermod_is_https;
++static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *othermod_var_lookup;
+ 
+ static SSLConnRec *ssl_get_effective_config(conn_rec *c)
+ {
+@@ -68,7 +70,9 @@ static SSLConnRec *ssl_get_effective_config(conn_rec *c)
+ static int ssl_is_https(conn_rec *c)
+ {
+     SSLConnRec *sslconn = ssl_get_effective_config(c);
+-    return sslconn && sslconn->ssl;
++
++    return (sslconn && sslconn->ssl)
++        || (othermod_is_https && othermod_is_https(c));
+ }
+ 
+ static const char var_interface[] = "mod_ssl/" AP_SERVER_BASEREVISION;
+@@ -137,6 +141,9 @@ void ssl_var_register(apr_pool_t *p)
+ {
+     char *cp, *cp2;
+ 
++    othermod_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
++    othermod_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
++
+     APR_REGISTER_OPTIONAL_FN(ssl_is_https);
+     APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
+     APR_REGISTER_OPTIONAL_FN(ssl_ext_list);
+@@ -272,6 +279,15 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
+      */
+     if (result == NULL && c != NULL) {
+         SSLConnRec *sslconn = ssl_get_effective_config(c);
++
++        if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
++            && (!sslconn || !sslconn->ssl) && othermod_var_lookup) {
++            /* For an SSL_* variable, if mod_ssl is not enabled for
++             * this connection and another SSL module is present, pass
++             * through to that module. */
++            return othermod_var_lookup(p, s, c, r, var);
++        }
++
+         if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
+             && sslconn && sslconn->ssl)
+             result = ssl_var_lookup_ssl(p, sslconn, r, var+4);
author	Jan Kaluza <jkaluza@redhat.com>	2015-12-14 09:43:41 +0100
committer	Jan Kaluza <jkaluza@redhat.com>	2015-12-14 09:43:41 +0100
commit	c791d40a6bdaaea3878c0fcde882db9d7d5a8213 (patch)
tree	e7d4859436590e4c71658e69f010e1db7f64fc53 /httpd-2.4.18-sslmultiproxy.patch
parent	47b967cd91130a4ccf5e04cb7a3cf25c997f082d (diff)
download	httpd-c791d40a6bdaaea3878c0fcde882db9d7d5a8213.tar.gz httpd-c791d40a6bdaaea3878c0fcde882db9d7d5a8213.tar.xz httpd-c791d40a6bdaaea3878c0fcde882db9d7d5a8213.zip