* Use the correct server name for SNI in case the backend SSL connection itself

  is established via a proxy server.

PR: 57139
Submitted by: Szabolcs Gyurko <szabolcs gyurko.org>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1634120 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 30e58e1fa99b54924146b19796729370f24b79d7..1af338b61d0c68336c5f9ee565020b8a380103b8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_proxy: Use the correct server name for SNI in case the backend
+     SSL connection itself is established via a proxy server.
+     PR 57139 [Szabolcs Gyurko <szabolcs gyurko.org>]
+
   *) mod_ssl: Do not crash when looking up SSL related variables during
      expression evaluation on non SSL connections. PR 57070 [Ruediger Pluem]
 

diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index da4c0ef23d351fe936008117c83cdd9f2d2aa9fe..2ffebf80d54992859601e57436d74166c7677316 100644 (file)
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -2429,6 +2429,10 @@ ap_proxy_determine_connection(apr_pool_t *p, request_rec *r,
         if (dconf->preserve_host) {
             ssl_hostname = r->hostname;
         }
+        else if (conn->forward
+                 && ((forward_info *)(conn->forward))->use_http_connect) {
+            ssl_hostname = ((forward_info *)conn->forward)->target_host;
+        }
         else {
             ssl_hostname = conn->hostname;
         }