From: Stefan Fritsch <sf@apache.org>
Date: Tue, 3 Jul 2012 19:32:59 +0000 (+0000)
Subject: Merge r1333969:
X-Git-Tag: 2.4.3~349
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ae3c8e270b6c78f2482788ac7180c80c5b9cd26b;p=apache

Merge r1333969:

    Use the the same hostname for SNI as for the HTTP request when forwarding
    to SSL backends.

    PR: 53134
    Based on a patch from: Michael Weiser <michael weiser.dinsnail.net>

Reviewed by: rpluem, druggeri, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1356881 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index e6d18af21d..4d784e7b4f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,10 @@
 
 Changes with Apache 2.4.3
 
+  *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
+     forwarding to SSL backends. PR 53134.
+     [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
+
   *) mod_info: Display all registered providers. [Stefan Fritsch]
 
   *) mod_ssl: Send the error message for speaking http to an https port using
diff --git a/STATUS b/STATUS
index a38c3a88a8..b0c33285d8 100644
--- a/STATUS
+++ b/STATUS
@@ -88,14 +88,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * mod_proxy: Use the the same hostname for SNI as for the HTTP request when
-     forwarding to SSL backends. PR 53134.
-      Trunk version of patch:
-         http://svn.apache.org/viewcvs.cgi?rev=1333969&view=rev
-      Backport version for 2.4.x of patch:
-         Trunk version of patch works
-      +1: rpluem, druggeri, covener
-
   * core: Use a TLS/10 close_notify for dummy connection to SSL listener.
     trunk patches: http://svn.apache.org/viewvc?rev=1327036&view=rev
                    http://svn.apache.org/viewvc?rev=1327080&view=rev
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 64b95a2fb7..bb1cd74fe7 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -2236,8 +2236,24 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker,
              * so.
              */
             if (is_ssl) {
+                proxy_dir_conf *dconf;
+                const char *ssl_hostname;
+
+                /*
+                 * In the case of ProxyPreserveHost on use the hostname of
+                 * the request if present otherwise use the one from the
+                 * backend request URI.
+                 */
+                dconf = ap_get_module_config(r->per_dir_config, &proxy_module);
+                if ((dconf->preserve_host != 0) && (r->hostname != NULL)) {
+                    ssl_hostname = r->hostname;
+                }
+                else {
+                    ssl_hostname = uri->hostname;
+                }
+
                 apr_table_set(backend->connection->notes, "proxy-request-hostname",
-                              uri->hostname);
+                              ssl_hostname);
             }
         }