/* Just use a simple request. Any request will work for this, because
* we use a flag in the conn_rec->conn_vector now. The fake request just
* gets the request back to the Apache core so that a response can be sent.
- *
- * To avoid calling back for more data from the socket, use an HTTP/0.9
- * request, and tack on an EOS bucket.
+ * Since we use an HTTP/1.x request, we also have to inject the empty line
+ * that terminates the headers, or the core will read more data from the
+ * socket.
*/
#define HTTP_ON_HTTPS_PORT \
- "GET /" CRLF
+ "GET / HTTP/1.0" CRLF
#define HTTP_ON_HTTPS_PORT_BUCKET(alloc) \
apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \
{
SSLConnRec *sslconn = myConnConfig(f->c);
apr_bucket *bucket;
+ int send_eos = 1;
switch (status) {
case MODSSL_ERROR_HTTP_ON_HTTPS:
"trying to send HTML error page");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, sslconn->server);
- sslconn->non_ssl_request = 1;
+ sslconn->non_ssl_request = NON_SSL_SEND_HDR_SEP;
ssl_io_filter_disable(sslconn, f);
/* fake the request line */
bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
+ send_eos = 0;
break;
case MODSSL_ERROR_BAD_GATEWAY:
}
APR_BRIGADE_INSERT_TAIL(bb, bucket);
- bucket = apr_bucket_eos_create(f->c->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, bucket);
-
+ if (send_eos) {
+ bucket = apr_bucket_eos_create(f->c->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb, bucket);
+ }
return APR_SUCCESS;
}
}
if (!inctx->ssl) {
+ SSLConnRec *sslconn = myConnConfig(f->c);
+ if (sslconn->non_ssl_request == NON_SSL_SEND_HDR_SEP) {
+ apr_bucket *bucket = apr_bucket_immortal_create(CRLF, 2, f->c->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb, bucket);
+ sslconn->non_ssl_request = NON_SSL_SET_ERROR_MSG;
+ return APR_SUCCESS;
+ }
return ap_get_brigade(f->next, bb, mode, block, readbytes);
}
int verify_depth;
int is_proxy;
int disabled;
- int non_ssl_request;
+ enum {
+ NON_SSL_OK = 0, /* is SSL request, or error handling completed */
+ NON_SSL_SEND_HDR_SEP, /* Need to send the header separator */
+ NON_SSL_SET_ERROR_MSG /* Need to set the error message */
+ } non_ssl_request;
/* Track the handshake/renegotiation state for the connection so
* that all client-initiated renegotiations can be rejected, as a