<directivesynopsis>
<name>ProtocolsHonorOrder</name>
- <description>Protocols available for a server/virtual host</description>
+ <description>Determines if order of Protocols determines precedence during negotiation</description>
<syntax>ProtocolsHonorOrder On|Off</syntax>
<default>ProtocolsHonorOrder On</default>
<contextlist><context>server config</context><context>virtual host</context></contextlist>
const unsigned char *next_proto = NULL;
unsigned next_proto_len = 0;
const char *protocol;
- int n;
SSL_get0_alpn_selected(inctx->ssl, &next_proto, &next_proto_len);
if (next_proto && next_proto_len) {
* selected by the SNI.
*/
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02032)
- "Hostname %s provided via SNI and hostname %s provided"
- " via HTTP are different", servername, r->hostname);
- if (r->connection->keepalives > 0) {
- return HTTP_MISDIRECTED_REQUEST;
- }
- return HTTP_BAD_REQUEST;
+ "Hostname %s provided via SNI and hostname %s provided"
+ " via HTTP select a different server",
+ servername, r->hostname);
+ return HTTP_MISDIRECTED_REQUEST;
}
}
else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
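Review bot: The SNI/Host mismatch is logged with `ap_log_error(..., r->server, ...)`, so the entry carries no request context, although both logged values (`servername` from SNI and `r->hostname` from the Host header) are supplied by the client. Now that this branch always answers 421, the log line is the main record an operator has for spotting repeated mismatch attempts, so I would log through the request instead: `ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02032) ...)`, which attaches the client address. It is also worth deciding whether `APLOG_ERR` is the right level for a condition any remote client can trigger at will, since it lets a client fill the error log. The enclosing function starts and ends outside the hunk.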
}
if (inlen == 0) {
- // someone tries to trick us?
+ /* someone tries to trick us? */
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02837)
"ALPN client protocol list empty");
return SSL_TLSEXT_ERR_ALERT_FATAL;
for (i = 0; i < inlen; /**/) {
unsigned int plen = in[i++];
if (plen + i > inlen) {
- // someone tries to trick us?
+ /* someone tries to trick us? */
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02838)
"ALPN protocol identifier too long");
return SSL_TLSEXT_ERR_ALERT_FATAL;
static void *create_core_server_config(apr_pool_t *a, server_rec *s)
{
core_server_config *conf;
- const char **np;
int is_virtual = s->is_virtual;
conf = (core_server_config *)apr_pcalloc(a, sizeof(core_server_config));
/* Grab a list of tokens of the format 1#token (from RFC7230) */
AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p,
- const char *str_in,
- apr_array_header_t **tokens,
- int skip_invalid)
+ const char *str_in,
+ apr_array_header_t **tokens,
+ int skip_invalid)
{
int in_leading_space = 1;
int in_trailing_space = 0;
int string_end = 0;
const char *tok_begin;
const char *cur;
-
+
if (!str_in) {
return NULL;
}
-
+
tok_begin = cur = str_in;
-
+
while (!string_end) {
const unsigned char c = (unsigned char)*cur;
-
+
if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP) && c != '\0') {
/* Non-separator character; we are finished with leading
* whitespace. We must never have encountered any trailing
*tokens = apr_array_make(p, 4, sizeof(char *));
}
APR_ARRAY_PUSH(*tokens, char *) =
- apr_pstrmemdup((*tokens)->pool, tok_begin,
- (cur - tok_begin) - in_trailing_space);
+ apr_pstrmemdup((*tokens)->pool, tok_begin,
+ (cur - tok_begin) - in_trailing_space);
}
/* We're allowed to have null elements, just don't add them to the
* array */
-
+
tok_begin = cur + 1;
in_leading_space = 1;
in_trailing_space = 0;
if(!temp) {
temp = ap_strchr_c(cur, '\0');
}
-
+
/* Act like we haven't seen a token so we reset */
cur = temp - 1;
in_leading_space = 1;
"'\\x%.2x'", (unsigned int)c);
}
}
-
+
++cur;
}
-
+
return NULL;
}
-
+
/* Retrieve a token, spacing over it and returning a pointer to
* the first non-white byte afterwards. Note that these tokens
* are delimited by semis and commas; and can also be delimited