From: Yann Ylavic Date: Mon, 28 Sep 2015 22:00:12 +0000 (+0000) Subject: Follow up to r1705672. X-Git-Tag: 2.4.17~67 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c8dc4e3b7edbffb07ddd447c81555a0fd080b6a5;p=apache Follow up to r1705672. Backport changes that somehow missed the backport process. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705784 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml index 1620ccbbc1..03fd555f12 100644 --- a/docs/manual/mod/core.xml +++ b/docs/manual/mod/core.xml @@ -3634,7 +3634,7 @@ On Windows, from Apache 2.3.3 and later. ProtocolsHonorOrder - Protocols available for a server/virtual host + Determines if order of Protocols determines precedence during negotiation ProtocolsHonorOrder On|Off ProtocolsHonorOrder On server configvirtual host diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index cbbb8f8e9c..1df43e7163 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -1427,7 +1427,6 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, const unsigned char *next_proto = NULL; unsigned next_proto_len = 0; const char *protocol; - int n; SSL_get0_alpn_selected(inctx->ssl, &next_proto, &next_proto_len); if (next_proto && next_proto_len) { diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 037a2321a6..caaa19778d 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -202,12 +202,10 @@ int ssl_hook_ReadReq(request_rec *r) * selected by the SNI. */ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02032) - "Hostname %s provided via SNI and hostname %s provided" - " via HTTP are different", servername, r->hostname); - if (r->connection->keepalives > 0) { - return HTTP_MISDIRECTED_REQUEST; - } - return HTTP_BAD_REQUEST; + "Hostname %s provided via SNI and hostname %s provided" + " via HTTP select a different server", + servername, r->hostname); + return HTTP_MISDIRECTED_REQUEST; } } else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE) @@ -2168,7 +2166,7 @@ int ssl_callback_alpn_select(SSL *ssl, } if (inlen == 0) { - // someone tries to trick us? + /* someone tries to trick us? */ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02837) "ALPN client protocol list empty"); return SSL_TLSEXT_ERR_ALERT_FATAL; @@ -2178,7 +2176,7 @@ int ssl_callback_alpn_select(SSL *ssl, for (i = 0; i < inlen; /**/) { unsigned int plen = in[i++]; if (plen + i > inlen) { - // someone tries to trick us? + /* someone tries to trick us? */ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02838) "ALPN protocol identifier too long"); return SSL_TLSEXT_ERR_ALERT_FATAL; diff --git a/server/core.c b/server/core.c index de54dc5a42..37484b66e6 100644 --- a/server/core.c +++ b/server/core.c @@ -423,7 +423,6 @@ static void *merge_core_dir_configs(apr_pool_t *a, void *basev, void *newv) static void *create_core_server_config(apr_pool_t *a, server_rec *s) { core_server_config *conf; - const char **np; int is_virtual = s->is_virtual; conf = (core_server_config *)apr_pcalloc(a, sizeof(core_server_config)); diff --git a/server/util.c b/server/util.c index 0bc04b18cc..916213c380 100644 --- a/server/util.c +++ b/server/util.c @@ -1453,25 +1453,25 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line, /* Grab a list of tokens of the format 1#token (from RFC7230) */ AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, - const char *str_in, - apr_array_header_t **tokens, - int skip_invalid) + const char *str_in, + apr_array_header_t **tokens, + int skip_invalid) { int in_leading_space = 1; int in_trailing_space = 0; int string_end = 0; const char *tok_begin; const char *cur; - + if (!str_in) { return NULL; } - + tok_begin = cur = str_in; - + while (!string_end) { const unsigned char c = (unsigned char)*cur; - + if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP) && c != '\0') { /* Non-separator character; we are finished with leading * whitespace. We must never have encountered any trailing @@ -1502,12 +1502,12 @@ AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, *tokens = apr_array_make(p, 4, sizeof(char *)); } APR_ARRAY_PUSH(*tokens, char *) = - apr_pstrmemdup((*tokens)->pool, tok_begin, - (cur - tok_begin) - in_trailing_space); + apr_pstrmemdup((*tokens)->pool, tok_begin, + (cur - tok_begin) - in_trailing_space); } /* We're allowed to have null elements, just don't add them to the * array */ - + tok_begin = cur + 1; in_leading_space = 1; in_trailing_space = 0; @@ -1522,7 +1522,7 @@ AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, if(!temp) { temp = ap_strchr_c(cur, '\0'); } - + /* Act like we haven't seen a token so we reset */ cur = temp - 1; in_leading_space = 1; @@ -1533,13 +1533,13 @@ AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, "'\\x%.2x'", (unsigned int)c); } } - + ++cur; } - + return NULL; } - + /* Retrieve a token, spacing over it and returning a pointer to * the first non-white byte afterwards. Note that these tokens * are delimited by semis and commas; and can also be delimited