ap_hook_post_config (ssl_init_Module, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_http_method (ssl_hook_http_method, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_default_port (ssl_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_handler (ssl_hook_Handler, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_pre_config (ssl_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_child_init (ssl_init_Child, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_translate_name(ssl_hook_Translate, NULL,NULL, APR_HOOK_MIDDLE);
return APR_SUCCESS;
}
+/* Just use a simple request. Any request will work for this, because
+ * we use a flag in the conn_rec->conn_vector now. The fake request just
+ * gets the request back to the Apache core so that a response can be sent.
+ *
+ * We should probably use a 0.9 request, but the BIO bucket code is calling
+ * socket_bucket_read one extra time with all 0.9 requests from the client.
+ * Until that is resolved, continue to use a 1.0 request, just like we
+ * always have.
+ */
#define HTTP_ON_HTTPS_PORT \
- "GET /mod_ssl:error:HTTP-request HTTP/1.0"
+ "GET / HTTP/1.0"
#define HTTP_ON_HTTPS_PORT_BUCKET(alloc) \
apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \
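Review bot: The new comment above `HTTP_ON_HTTPS_PORT` points the reader at "a flag in the conn_rec->conn_vector", a name that appears nowhere else in this change. The flag that the later hunks set and test is `sslconn->non_ssl_request`, obtained through `myConnConfig()`. Naming it in the comment would make the mechanism searchable, for example `because the per-connection SSLConnRec now carries non_ssl_request, which the request hook checks`. It would also help to say that the request line is deliberately inert: after this change the 400 response is driven by that flag and no longer by the URI. The macro definition continues past the end of this hunk.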
apr_bucket_brigade *bb,
apr_status_t status)
{
+ SSLConnRec *sslconn = myConnConfig(f->c);
apr_bucket *bucket;
switch (status) {
"trying to send HTML error page");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, f->c->base_server);
+ sslconn->non_ssl_request = 1;
+ ssl_io_filter_disable(f);
+
/* fake the request line */
bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
- ssl_io_filter_disable(f);
break;
default:
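Review bot: `sslconn` is taken from `myConnConfig(f->c)` and dereferenced at `sslconn->non_ssl_request = 1;` with no NULL test in the visible lines. If this filter is only ever installed on connections that already have an SSLConnRec, a one-line comment stating that invariant would do; otherwise guard the write with `if (sslconn) sslconn->non_ssl_request = 1;`. The flag is also never cleared in the lines shown, so it appears to be sticky for the life of the connection. I would document that at the assignment with `/* sticky: every request on this connection is answered with 400 by the request hook */`. The function begins and ends outside this hunk.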
return DECLINED;
}
+ if (sslconn->non_ssl_request) {
+ const char *errmsg;
+ char *thisurl;
+ char *thisport = "";
+ int port = ap_get_server_port(r);
+
+ if (!ap_is_default_port(port, r)) {
+ thisport = apr_psprintf(r->pool, ":%u", port);
+ }
+
+ thisurl = ap_escape_html(r->pool,
+ apr_psprintf(r->pool, "https://%s%s/",
+ ap_get_server_name(r),
+ thisport));
+
+ errmsg = apr_psprintf(r->pool,
+ "Reason: You're speaking plain HTTP "
+ "to an SSL-enabled server port.<br />\n"
+ "Instead use the HTTPS scheme to access "
+ "this URL, please.<br />\n"
+ "<blockquote>Hint: "
+ "<a href=\"%s\"><b>%s</b></a></blockquote>",
+ thisurl, thisurl);
+
+ apr_table_setn(r->notes, "error-notes", errmsg);
+ return HTTP_BAD_REQUEST;
+ }
+
/*
* Get the SSL connection structure and perform the
* delayed interlinking from SSL back to request_rec
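Review bot: `thisurl` is built from `ap_get_server_name(r)` and written both inside a double-quoted `href` and as element text in the `errmsg` format string, with `ap_escape_html()` as the only encoding. Depending on the canonical-name configuration, and on whether the client's own headers are still parsed after the faked request line, that name may be client-influenced. Please confirm that `ap_escape_html()` in this tree also encodes `"`, or build the hint from the configured `r->server->server_hostname`. A smaller point is that `":%u"` is given an `int port`; either use `":%d"` or declare `apr_port_t port`. The enclosing function starts outside this hunk, so whether `sslconn` is NULL-checked before `sslconn->non_ssl_request` is read cannot be seen here.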
SSL_set_app_data2(ssl, r);
}
- /*
- * Force the mod_ssl content handler when URL indicates this
- */
- if (strEQn(r->uri, "/mod_ssl:", 9)) {
- r->handler = "mod_ssl:content-handler";
- }
-
return DECLINED;
}
return DECLINED;
}
-/*
- * Content Handler
- */
-int ssl_hook_Handler(request_rec *r)
-{
- if (strNE(r->handler, "mod_ssl:content-handler")) {
- return DECLINED;
- }
-
- if (strNEn(r->uri, "/mod_ssl:", 9)) {
- return DECLINED;
- }
-
- if (strEQ(r->uri, "/mod_ssl:error:HTTP-request")) {
- const char *errmsg;
- char *thisurl;
- char *thisport = "";
- int port = ap_get_server_port(r);
-
- if (!ap_is_default_port(port, r)) {
- thisport = apr_psprintf(r->pool, ":%u", port);
- }
-
- thisurl = ap_escape_html(r->pool,
- apr_psprintf(r->pool, "https://%s%s/",
- ap_get_server_name(r),
- thisport));
-
- errmsg = apr_psprintf(r->pool,
- "Reason: You're speaking plain HTTP "
- "to an SSL-enabled server port.<br />\n"
- "Instead use the HTTPS scheme to access "
- "this URL, please.<br />\n"
- "<blockquote>Hint: "
- "<a href=\"%s\"><b>%s</b></a></blockquote>",
- thisurl, thisurl);
-
- apr_table_setn(r->notes, "error-notes", errmsg);
- }
-
- return HTTP_BAD_REQUEST;
-}
-
/*
* Access Handler
*/