Merge r1601919, r1650061 from trunk:

mod_ssl: dump SSL IO/state for the write side of the connection(s), like reads.

mod_ssl: follow up to r1601919.
Likewise when set from SNI callback.
Submitted by: ylavic
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651078 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index e6d7d4f639f6edf9feb20e7bc816899623dbad05..0af2637707f0f18d4c336fd923723b3cbad0e858 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -22,6 +22,9 @@ Changes with Apache 2.4.11
      request headers earlier.  Adds "MergeTrailers" directive to restore
      legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
 
+  *) mod_ssl: dump SSL IO/state for the write side of the connection(s),
+     like reads (level TRACE4). [Yann Ylavic]
+
   *) mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198.
      [Jan Kaluza]
 

diff --git a/STATUS b/STATUS
index 2e078f7222614c600052d1b90e6aa4eda19e2f22..f5d0093c609921b5d04581595f550d46840ee765 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -146,15 +146,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
                   (modulo CHANGES/MMN)
      +1: ylavic, jim, covener
 
-   * mod_ssl, event: Ensure that the SSL close notify alert is flushed to the client.
-                     PR54998.
-     trunk patch: http://svn.apache.org/r1601184
-                  http://svn.apache.org/r1601274
-                  http://svn.apache.org/r1601185
-     2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-SSL-shutdown.patch
-                  (modulo CHANGES/MMN)
-     +1: ylavic, rjung, covener
-
    * mod_proxy: Shutdown (eg. SSL close notify) the backend connection before closing.
      trunk patch: http://svn.apache.org/r1601291
                   http://svn.apache.org/r1601630
@@ -163,13 +154,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      note: depends on ap_shutdown_conn() from r1601185 above.
      +1: ylavic, rjung, covener
 
-   * mod_ssl: mod_ssl: dump SSL IO/state for the write side of the connection(s),
-              like reads.
-     trunk patch: http://svn.apache.org/r1601919
-                  http://svn.apache.org/r1650061
-     2.4.x patch: trunk works (module CHANGES)
-     +1: ylavic, rjung, covener
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index fc0f36a74c010f0da8d564c1c258ddc5f826d5d4..9dd181e065fd25247f0eb0aa1a88af38143cabfc 100644 (file)
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -1928,8 +1928,14 @@ void ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl)
                               ssl_io_filter_cleanup, apr_pool_cleanup_null);
 
     if (APLOG_CS_IS_LEVEL(c, mySrvFromConn(c), APLOG_TRACE4)) {
-        BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
-        BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
+        BIO *rbio = SSL_get_rbio(ssl),
+            *wbio = SSL_get_wbio(ssl);
+        BIO_set_callback(rbio, ssl_io_data_cb);
+        BIO_set_callback_arg(rbio, (void *)ssl);
+        if (wbio && wbio != rbio) {
+            BIO_set_callback(wbio, ssl_io_data_cb);
+            BIO_set_callback_arg(wbio, (void *)ssl);
+        }
     }
 
     return;

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index e295560bec5c0c92d54f969c653f3af9b7505c99..14afbf4a45f3db6db885cc5c03824e81ac2296d9 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2049,8 +2049,14 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
          * we need to set that callback here.
          */
         if (APLOGtrace4(s)) {
-            BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
-            BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
+            BIO *rbio = SSL_get_rbio(ssl),
+                *wbio = SSL_get_wbio(ssl);
+            BIO_set_callback(rbio, ssl_io_data_cb);
+            BIO_set_callback_arg(rbio, (void *)ssl);
+            if (wbio && wbio != rbio) {
+                BIO_set_callback(wbio, ssl_io_data_cb);
+                BIO_set_callback_arg(wbio, (void *)ssl);
+            }
         }
 
         return 1;