From: Eric Covener <covener@apache.org>
Date: Sat, 31 Jan 2009 21:16:51 +0000 (+0000)
Subject: Provide a hint when we see what looks like an SSL record when we're
X-Git-Tag: 2.3.2~116
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=87e07a8396fdac4afd5bbf0b62ae1ead25e21987;p=apache

Provide a hint when we see what looks like an SSL record when we're
expecting a plain-text request line.

Submitted by: Dan Poirer <poirier pobox.com>
Reviwed by: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@739620 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/server/core.c b/server/core.c
index 257b516a70..e10c141029 100644
--- a/server/core.c
+++ b/server/core.c
@@ -3673,8 +3673,19 @@ static int default_handler(request_rec *r)
     }
     else {              /* unusual method (not GET or POST) */
         if (r->method_number == M_INVALID) {
-            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          "Invalid method in request %s", r->the_request);
+            /* See if this looks like an undecrypted SSL handshake attempt.
+             * It's safe to look a couple bytes into the_request if it exists, as it's
+             * always allocated at least MIN_LINE_ALLOC (80) bytes.
+             */
+            if (r->the_request
+                && r->the_request[0] == 0x16                                
+                && (r->the_request[1] == 0x2 || r->the_request[1] == 0x3)) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "Invalid method in request %s - possible attempt to establish SSL connection on non-SSL port", r->the_request);
+            } else {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "Invalid method in request %s", r->the_request);
+            }
             return HTTP_NOT_IMPLEMENTED;
         }