From 25a39d92384bbef3ac8eb2a59f3bff729fdb8d7c Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Wed, 15 Apr 2015 19:51:44 +0000
Subject: [PATCH] Merge r1634120 from trunk:

* Use the correct server name for SNI in case the backend SSL connection itself
  is established via a proxy server.

PR: 57139
Submitted by: Szabolcs Gyurko <szabolcs gyurko.org>



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1673941 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                    | 4 ++++
 STATUS                     | 6 ------
 modules/proxy/proxy_util.c | 4 ++++
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index b105136386..effe3f456b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,10 @@ Changes with Apache 2.4.13
      calls r:wsupgrade() can cause a child process crash. 
      [Edward Lu <Chaosed0 gmail.com>]
 
+  *) mod_proxy: Use the correct server name for SNI in case the backend
+     SSL connection itself is established via a proxy server.
+     PR 57139 [Szabolcs Gyurko <szabolcs gyurko.org>]
+
   *) mod_ssl: Fix possible crash when loading server certificate constraints.
      PR 57694. [Paul Spangler <paul.spangler ni com>, Yann Ylavic]
 
diff --git a/STATUS b/STATUS
index ae5d7687f4..20e9bb9bc5 100644
--- a/STATUS
+++ b/STATUS
@@ -105,12 +105,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_proxy: Use the correct server name for SNI in case the backend
-     SSL connection itself is established via a proxy server.  PR 57139
-     trunk patch: http://svn.apache.org/r1634120
-     2.4.x patch: trunk works (modulo CHANGES)
-     +1: ylavic, rjung, covener
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 734e4abe66..0b8b30c94d 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -2384,6 +2384,10 @@ ap_proxy_determine_connection(apr_pool_t *p, request_rec *r,
         if (dconf->preserve_host) {
             ssl_hostname = r->hostname;
         }
+        else if (conn->forward
+                 && ((forward_info *)(conn->forward))->use_http_connect) {
+            ssl_hostname = ((forward_info *)conn->forward)->target_host;
+        }
         else {
             ssl_hostname = conn->hostname;
         }
-- 
2.50.1