mod_proxy_http2: detect TLS close notify on backend connection, patch by Yann Ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1750505 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
index 27a3a5a6727e3bda0b7ac3969e2149ecd7b700db..df1d781175731771104b025ab687b9d864093c48 100644 (file)
--- a/modules/http2/mod_proxy_http2.c
+++ b/modules/http2/mod_proxy_http2.c
@@ -520,11 +520,20 @@ run_connect:
     }
 
     ctx->p_conn->is_ssl = ctx->is_ssl;
-    if (ctx->is_ssl) {
-        /* If there is still some data on an existing ssl connection, now
-         * would be a good timne to get rid of it. */
-        ap_proxy_ssl_connection_cleanup(ctx->p_conn, ctx->rbase);
-    }
+    if (ctx->is_ssl && ctx->p_conn->connection) {
+        /* If there are some metadata on the connection (e.g. TLS alert),
+         * let mod_ssl detect them, and create a new connection below.
+         */ 
+        apr_bucket_brigade *tmp_bb;
+        tmp_bb = apr_brigade_create(ctx->rbase->pool, 
+                                    ctx->rbase->connection->bucket_alloc);
+        status = ap_get_brigade(ctx->p_conn->connection->input_filters, tmp_bb,
+                                AP_MODE_SPECULATIVE, APR_NONBLOCK_READ, 1);
+        if (status != APR_SUCCESS && !APR_STATUS_IS_EAGAIN(status)) {
+            ctx->p_conn->close = 1;
+        }
+        apr_brigade_cleanup(tmp_bb);
+    }   
 
     /* Step One: Determine the URL to connect to (might be a proxy),
      * initialize the backend accordingly and determine the server