From: Doug MacEachern <dougm@apache.org>
Date: Tue, 2 Apr 2002 17:30:08 +0000 (+0000)
Subject: PR:
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=be891c26c90ba0dbb0eb5889e2360802d6a8a032;p=apache

PR:
Obtained from:
Submitted by:
Reviewed by:    Ryan Bloom
ap_remove_output_filter no longer works for connection filters.
change logic in the case of "HTTP spoken on HTTPS port" to disable the
ssl filters rather than attempt to remove the filters.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94393 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 12a0986a53..1bf3fa949b 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -416,10 +416,9 @@ int ssl_hook_process_connection(SSLFilterRec *filter)
                 /*
                  * The case where OpenSSL has recognized a HTTP request:
                  * This means the client speaks plain HTTP on our HTTPS port.
-                 * Hmmmm...  Punt this out of here after removing our output
-                 * filter.
+                 * ssl_io_filter_error will disable the ssl filters when it
+                 * sees this status code.
                  */
-                ap_remove_output_filter(filter->pOutputFilter);
                 return HTTP_BAD_REQUEST;
             }
             else if ((SSL_get_error(filter->pssl, n) == SSL_ERROR_SYSCALL) &&
diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index 076d2770a3..da7a8a23a9 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -743,6 +743,13 @@ static apr_status_t ssl_io_input_getline(ssl_io_input_ctx_t *ctx,
                                sizeof(HTTP_ON_HTTPS_PORT) - 1, \
                                alloc)
 
+static void ssl_io_filter_disable(ap_filter_t *f)
+{
+    ssl_io_input_ctx_t *ctx = f->ctx;
+    ctx->inbio.ssl = NULL;
+    ctx->frec->pssl = NULL;
+}
+
 static apr_status_t ssl_io_filter_error(ap_filter_t *f,
                                         apr_bucket_brigade *bb,
                                         apr_status_t status)
@@ -758,6 +765,7 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f,
 
             /* fake the request line */
             bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
+            ssl_io_filter_disable(f);
             break;
 
       default:
@@ -781,6 +789,10 @@ static apr_status_t ssl_io_filter_Input(ap_filter_t *f,
     apr_size_t len = sizeof(ctx->buffer);
     int is_init = (mode == AP_MODE_INIT);
 
+    if (!ctx->inbio.ssl) {
+        return ap_get_brigade(f->next, bb, mode, block, readbytes);
+    }
+
     /* XXX: we don't currently support anything other than these modes. */
     if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE && 
         mode != AP_MODE_SPECULATIVE && mode != AP_MODE_INIT) {