mod_proxy: Play/restore the TLS-SNI on new backend connections which
had to be issued because the remote closed the previous/reusable one
during idle (keep-alive) time.
mod_proxy: follow up to r1729826: really copy conn->ssl_hostname.
mod_proxy: follow up to r1729826 + r1729847.
Adjust stacked ssl_hostname maximum size.
mod_proxy: follow up to r1729826 + r1729847 + r1732986.
Don't use magic constants.
Submitted by: ylavic
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733474 13f79535-47bb-0310-9956-ffa450edef68
*) mod_ssl: Add SSLOCSPProxyURL to add the possibility to do all queries
to OCSP responders through a HTTP proxy. [Ruediger Pluem]
+ *) mod_proxy: Play/restore the TLS-SNI on new backend connections which
+ had to be issued because the remote closed the previous/reusable one
+ during idle (keep-alive) time. [Yann Ylavic]
+
*) mod_cache_socache: Fix a possible cached entity body corruption when it
is received from an origin server in multiple batches and forwarded by
mod_proxy. [Yann Ylavic]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_proxy: Play/restore the TLS-SNI on new backend connections which
- had to be issued because the remote closed the previous/reusable one
- during idle (keep-alive) time.
- trunk patch: http://svn.apache.org/r1729826
- http://svn.apache.org/r1729847
- http://svn.apache.org/r1732986
- http://svn.apache.org/r1733056
- 2.4.x patch: http://home.apache.org/~ylavic/patches/httpd-2.4.x-mod_proxy-SNI_reuse-v2.patch
- +1: ylavic, icing, jim
-
* prefork: Fix crash in ap_mpm_pod_check call caused by NULL dereference of
its parameter when starting httpd as single process (httpd -X).
trunk patch: http://svn.apache.org/r1711479
#define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
#define PROXY_BALANCER_MAX_STICKY_SIZE 64
+/* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names,
+ * dotted together(?) this would fit the below size (+ trailing NUL).
+ */
+#define PROXY_WORKER_RFC1035_NAME_SIZE 512
+
#define PROXY_MAX_PROVIDER_NAME_SIZE 16
#define PROXY_STRNCPY(dst, src) ap_proxy_strncpy((dst), (src), (sizeof(dst)))
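Review bot: The comment above PROXY_WORKER_RFC1035_NAME_SIZE still carries a "(?)", so the value 512 rests on a guess rather than a stated bound. Either spell out the arithmetic the comment implies (255 + 1 for the dot + 253 + 1 for the trailing NUL = 510, rounded up to 512) or drop the question mark. It would also help to say in the comment that this constant sizes an on-stack buffer in the reconnect path (`char ssl_hostname[PROXY_WORKER_RFC1035_NAME_SIZE];`), so that anyone raising it later knows the cost.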
if (conn->sock) {
if (!(connected = is_socket_connected(conn->sock))) {
+ /* This clears conn->scpool (and associated data), so backup and
+ * restore any ssl_hostname for this connection set earlier by
+ * ap_proxy_determine_connection().
+ */
+ char ssl_hostname[PROXY_WORKER_RFC1035_NAME_SIZE];
+ if (!conn->ssl_hostname || PROXY_STRNCPY(ssl_hostname,
+ conn->ssl_hostname)) {
+ ssl_hostname[0] = '\0';
+ }
+
socket_cleanup(conn);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00951)
"%s: backend socket is disconnected.",
proxy_function);
+
+ if (ssl_hostname[0]) {
+ conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname);
+ }
}
}
while ((backend_addr || conn->uds_path) && !connected) {
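Review bot: In the backup block ahead of socket_cleanup(conn), a non-zero return from PROXY_STRNCPY is handled only by `ssl_hostname[0] = '\0';`, so the later `if (ssl_hostname[0])` skips the restore and the replacement backend connection goes ahead without the SNI that was set earlier, with nothing logged. A hostname too long for the buffer should not silently change what is sent in the TLS handshake to the backend: log the condition in that branch, or fail the connection attempt instead of continuing. Separately, when no restore happens, set conn->ssl_hostname = NULL explicitly, because the comment says socket_cleanup() clears conn->scpool and the hunk does not show whether the pointer itself is reset afterwards.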