*) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly

     on HTTP/2 connections. Fixes PR 62654. [Stefan Eissing]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1846111 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index bc0d220193e2d09b09ad7ec36da5acd7a438cb96..51e602ae2754a1ea69bc83b84cbfd0f2f6a3252c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly
+     on HTTP/2 connections. Fixes PR 62654. [Stefan Eissing]
+
   *) mod_ssl: clear *SSL errors before loading certificates and checking
      afterwards. Otherwise errors are reported when other SSL using modules
      are in play. Fixes PR 62880. [Michael Kaufmann]

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index e91f600e8798b11b563ae95015e6f345f2c16ad9..1570d8da647b31366f6b756cc69af6f21fe3d5e2 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1605,10 +1605,7 @@ static authz_status ssl_authz_require_ssl_check(request_rec *r,
                                                 const char *require_line,
                                                 const void *parsed)
 {
-    SSLConnRec *sslconn = myConnConfig(r->connection);
-    SSL *ssl = sslconn ? sslconn->ssl : NULL;
-
-    if (ssl)
+    if (modssl_request_is_tls(r, NULL))
         return AUTHZ_GRANTED;
     else
         return AUTHZ_DENIED;