Use the the same hostname for SNI as for the HTTP request when forwarding
to SSL backends.
PR: 53134
Based on a patch from: Michael Weiser <michael weiser.dinsnail.net>
Reviewed by: rpluem, druggeri, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1356881 13f79535-47bb-0310-9956-
ffa450edef68
Changes with Apache 2.4.3
+ *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
+ forwarding to SSL backends. PR 53134.
+ [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
+
*) mod_info: Display all registered providers. [Stefan Fritsch]
*) mod_ssl: Send the error message for speaking http to an https port using
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_proxy: Use the the same hostname for SNI as for the HTTP request when
- forwarding to SSL backends. PR 53134.
- Trunk version of patch:
- http://svn.apache.org/viewcvs.cgi?rev=1333969&view=rev
- Backport version for 2.4.x of patch:
- Trunk version of patch works
- +1: rpluem, druggeri, covener
-
* core: Use a TLS/10 close_notify for dummy connection to SSL listener.
trunk patches: http://svn.apache.org/viewvc?rev=1327036&view=rev
http://svn.apache.org/viewvc?rev=1327080&view=rev
* so.
*/
if (is_ssl) {
+ proxy_dir_conf *dconf;
+ const char *ssl_hostname;
+
+ /*
+ * In the case of ProxyPreserveHost on use the hostname of
+ * the request if present otherwise use the one from the
+ * backend request URI.
+ */
+ dconf = ap_get_module_config(r->per_dir_config, &proxy_module);
+ if ((dconf->preserve_host != 0) && (r->hostname != NULL)) {
+ ssl_hostname = r->hostname;
+ }
+ else {
+ ssl_hostname = uri->hostname;
+ }
+
apr_table_set(backend->connection->notes, "proxy-request-hostname",
- uri->hostname);
+ ssl_hostname);
}
}