From: Jim Jagielski <jim@apache.org>
Date: Mon, 28 Sep 2015 13:00:59 +0000 (+0000)
Subject: Sync
X-Git-Tag: 2.4.17~79^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=refs%2Fheads%2F2.4.17-protocols-http2;p=apache

Sync


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.17-protocols-http2@1705681 13f79535-47bb-0310-9956-ffa450edef68
---

b0d87a9837eaf068c53b79a636d57e021747f053
diff --cc CHANGES
index 0581df378f,1e56da9650..95adda0f6d
--- a/CHANGES
+++ b/CHANGES
@@@ -1,9 -1,11 +1,13 @@@
                                                           -*- coding: utf-8 -*-
  
  Changes with Apache 2.4.17
 +  *) mod_h2: added donated http/2 implementation to build system. Similar
 +     configuration options to mod_ssl. [Stefan Eissing]
  
+   *) mod_logio: Fix logging of %^FB (time to first byte) on the first request on
+      an SSL connection.  PR 58454.  
+      [Konstantin J. Chernov <k.j.chernov gmail.com>]
+ 
    *) mod_cache: r->err_headers_out is not merged into
       r->headers when mod_cache is enabled and the response
       is cached for the first time. [Edward Lu]
diff --cc docs/manual/mod/core.xml
index 03fd555f12,1620ccbbc1..fc4e253cd3
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@@ -3589,6 -3589,6 +3589,8 @@@ On Windows, from Apache 2.3.3 and later
  </directivesynopsis>
  
  
++>
++
  <directivesynopsis>
      <name>Protocols</name>
      <description>Protocols available for a server/virtual host</description>
diff --cc modules/ssl/ssl_engine_kernel.c
index aef6b46535,0ac64bfeff..ac0c670174
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@@ -194,17 -196,18 +195,19 @@@ int ssl_hook_ReadReq(request_rec *r
                              " provided in HTTP request", servername);
                  return HTTP_BAD_REQUEST;
              }
 -            rv = apr_parse_addr_port(&host, &scope_id, &port, r->hostname, r->pool);
 -            if (rv != APR_SUCCESS || scope_id) {
 -                return HTTP_BAD_REQUEST;
 -            }
 -            if (strcasecmp(host, servername)) {
 +            if (r->server != handshakeserver) {
 +                /* 
 +                 * We are really not in Kansas anymore...
 +                 * The request does not select the virtual host that was
 +                 * selected by the SNI.
 +                 */
                  ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02032)
-                              "Hostname %s provided via SNI and hostname %s provided"
-                              " via HTTP select a different server",
-                              servername, r->hostname);
-                 return HTTP_MISDIRECTED_REQUEST;
+                             "Hostname %s provided via SNI and hostname %s provided"
+                             " via HTTP are different", servername, host);
+                 if (r->connection->keepalives > 0) {
+                     return HTTP_MISDIRECTED_REQUEST;
+                 }
+                 return HTTP_BAD_REQUEST;
              }
          }
          else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
diff --cc server/util.c
index 916213c380,0bc04b18cc..b56926a6b7
--- a/server/util.c
+++ b/server/util.c
@@@ -1451,11 -1451,11 +1451,12 @@@ AP_DECLARE(int) ap_find_etag_weak(apr_p
      return find_list_item(p, line, tok, AP_ETAG_WEAK);
  }
  
++
  /* Grab a list of tokens of the format 1#token (from RFC7230) */
  AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p,
 -                                                    const char *str_in,
 -                                                    apr_array_header_t **tokens,
 -                                                    int skip_invalid)
 +                                                const char *str_in,
 +                                                apr_array_header_t **tokens,
 +                                                int skip_invalid)
  {
      int in_leading_space = 1;
      int in_trailing_space = 0;