* Use the correct server name for SNI in case the backend SSL connection itself
is established via a proxy server.
PR: 57139
Submitted by: Szabolcs Gyurko <szabolcs gyurko.org>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1673941 13f79535-47bb-0310-9956-
ffa450edef68
calls r:wsupgrade() can cause a child process crash.
[Edward Lu <Chaosed0 gmail.com>]
+ *) mod_proxy: Use the correct server name for SNI in case the backend
+ SSL connection itself is established via a proxy server.
+ PR 57139 [Szabolcs Gyurko <szabolcs gyurko.org>]
+
*) mod_ssl: Fix possible crash when loading server certificate constraints.
PR 57694. [Paul Spangler <paul.spangler ni com>, Yann Ylavic]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_proxy: Use the correct server name for SNI in case the backend
- SSL connection itself is established via a proxy server. PR 57139
- trunk patch: http://svn.apache.org/r1634120
- 2.4.x patch: trunk works (modulo CHANGES)
- +1: ylavic, rjung, covener
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
if (dconf->preserve_host) {
ssl_hostname = r->hostname;
}
+ else if (conn->forward
+ && ((forward_info *)(conn->forward))->use_http_connect) {
+ ssl_hostname = ((forward_info *)conn->forward)->target_host;
+ }
else {
ssl_hostname = conn->hostname;
}