Merge r1609914 from trunk:
authorJeff Trawick <trawick@apache.org>
Mon, 14 Jul 2014 00:22:15 +0000 (00:22 +0000)
committerJeff Trawick <trawick@apache.org>
Mon, 14 Jul 2014 00:22:15 +0000 (00:22 +0000)
mod_ssl: Fix issue with redirects to error documents when handling
SNI errors.

Submitted by: trawick
Reviewed by: minfrin, rjung

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610326 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
modules/ssl/ssl_engine_kernel.c

diff --git a/CHANGES b/CHANGES
index 8f7a52ac4a4f6c189f9cf0552eb94e9f713b5ee8..1653c1157efb90a9263b5817723ba81cfa2127c7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.10
 
+  *) mod_ssl: Fix issue with redirects to error documents when handling
+     SNI errors.  [Jeff Trawick]
+
   *) mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer
      larger keys and support up to 8192-bit keys.  [Ruediger Pluem,
      Joe Orton]
diff --git a/STATUS b/STATUS
index 0d38f5606129a7d581269c009b582af2ffdbb954..fe15441bc0250b8e92ceae0dac0a81c313d6dea3 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -122,12 +122,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      ylavic: does not depend on r1572092 or r1572655 and al above,
              these proposals can be backported in any order.
 
-   * mod_ssl: Fix issue with redirects to error documents when handling
-     SNI errors.
-     trunk patch: http://svn.apache.org/r1609914
-     2.4.x patch: Trunk patch works modulo CHANGES.
-     +1: trawick, minfrin, rjung
-
    * mod_ssl: Set an error note for requests rejected due to
      SSLStrictSNIVHostCheck
      trunk patch: http://svn.apache.org/r1609936
index a6ca7cc041de1656268e7c75ba2dc4d83192070a..7a7348e45fe5b8bfbc0b230bef24f68d92537368 100644 (file)
@@ -163,7 +163,13 @@ int ssl_hook_ReadReq(request_rec *r)
         return DECLINED;
     }
 #ifdef HAVE_TLSEXT
-    if (r->proxyreq != PROXYREQ_PROXY) {
+    /*
+     * Perform SNI checks only on the initial request.  In particular,
+     * if these checks detect a problem, the checks shouldn't return an
+     * error again when processing an ErrorDocument redirect for the
+     * original problem.
+     */
+    if (r->proxyreq != PROXYREQ_PROXY && ap_is_initial_req(r)) {
         if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
             char *host, *scope_id;
             apr_port_t port;
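Review bot: The added `ap_is_initial_req(r)` condition is wider than the comment above it says: it is false for every internal redirect and subrequest, not only for ErrorDocument redirects, so whatever SNI checks sit in this block are skipped on all of them. That is presumably safe because such a request reuses the hostname and virtual host that the initial request already passed through these checks, but the hunk does not show that and the comment does not say it. I would extend the comment with a sentence such as `Internal redirects and subrequests reuse the host and vhost already checked on the initial request.`, after confirming it holds for every path that creates such a request. The body of the `if` continues past the end of the hunk, so the full set of skipped checks is not visible here.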