]> granicus.if.org Git - apache/commitdiff
projects / apache / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8fd9a81)
PR:
authorDoug MacEachern <dougm@apache.org>
Tue, 2 Apr 2002 17:30:08 +0000 (17:30 +0000)
committerDoug MacEachern <dougm@apache.org>
Tue, 2 Apr 2002 17:30:08 +0000 (17:30 +0000)
Obtained from:
Submitted by:
Reviewed by:    Ryan Bloom
ap_remove_output_filter no longer works for connection filters.
change logic in the case of "HTTP spoken on HTTPS port" to disable the
ssl filters rather than attempt to remove the filters.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94393 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/mod_ssl.c patch | blob | history
modules/ssl/ssl_engine_io.c patch | blob | history

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 12a0986a53fbc17e3ee592ac4ece00e57ae55323..1bf3fa949b337a2aea1e631a17bd8cc350a1e00f 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -416,10 +416,9 @@ int ssl_hook_process_connection(SSLFilterRec *filter)
                 /*
                  * The case where OpenSSL has recognized a HTTP request:
                  * This means the client speaks plain HTTP on our HTTPS port.
-                 * Hmmmm...  Punt this out of here after removing our output
-                 * filter.
+                 * ssl_io_filter_error will disable the ssl filters when it
+                 * sees this status code.
                  */
-                ap_remove_output_filter(filter->pOutputFilter);
                 return HTTP_BAD_REQUEST;
             }
             else if ((SSL_get_error(filter->pssl, n) == SSL_ERROR_SYSCALL) &&
diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index 076d2770a3e087b785892c33afddb571592335b4..da7a8a23a92623940f21e9ee5c7052e878f582c9 100644 (file)
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -743,6 +743,13 @@ static apr_status_t ssl_io_input_getline(ssl_io_input_ctx_t *ctx,
                                sizeof(HTTP_ON_HTTPS_PORT) - 1, \
                                alloc)
 
+static void ssl_io_filter_disable(ap_filter_t *f)
+{
+    ssl_io_input_ctx_t *ctx = f->ctx;
+    ctx->inbio.ssl = NULL;
+    ctx->frec->pssl = NULL;
+}
+
 static apr_status_t ssl_io_filter_error(ap_filter_t *f,
                                         apr_bucket_brigade *bb,
                                         apr_status_t status)
@@ -758,6 +765,7 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f,
 
             /* fake the request line */
             bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
+            ssl_io_filter_disable(f);
             break;
 
       default:
@@ -781,6 +789,10 @@ static apr_status_t ssl_io_filter_Input(ap_filter_t *f,
     apr_size_t len = sizeof(ctx->buffer);
     int is_init = (mode == AP_MODE_INIT);
 
+    if (!ctx->inbio.ssl) {
+        return ap_get_brigade(f->next, bb, mode, block, readbytes);
+    }
+
     /* XXX: we don't currently support anything other than these modes. */
     if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE && 
         mode != AP_MODE_SPECULATIVE && mode != AP_MODE_INIT) {
Unnamed repository; edit this file 'description' to name the repository.