From: Ruediger Pluem Date: Fri, 4 May 2012 14:02:58 +0000 (+0000) Subject: * Use the the same hostname for SNI as for the HTTP request when forwarding X-Git-Tag: 2.5.0-alpha~6904 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=96cc34efbe3ec79652de37e640f24fb9eb2c44f7;p=apache * Use the the same hostname for SNI as for the HTTP request when forwarding to SSL backends. PR: 53134 Based on a patch from: Michael Weiser Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1333969 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 7ca62ea346..ea45df391f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when + forwarding to SSL backends. PR 53134. + [Michael Weiser , Ruediger Pluem] + *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210. [Matthew Steele ] diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index 97b8edd3d8..b219854400 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -2237,8 +2237,24 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker, * so. */ if (is_ssl) { + proxy_dir_conf *dconf; + const char *ssl_hostname; + + /* + * In the case of ProxyPreserveHost on use the hostname of + * the request if present otherwise use the one from the + * backend request URI. + */ + dconf = ap_get_module_config(r->per_dir_config, &proxy_module); + if ((dconf->preserve_host != 0) && (r->hostname != NULL)) { + ssl_hostname = r->hostname; + } + else { + ssl_hostname = uri->hostname; + } + apr_table_set(backend->connection->notes, "proxy-request-hostname", - uri->hostname); + ssl_hostname); } }