From 5daa6b7a7db05e0987b80a24ba4b5d1b8354c336 Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Fri, 26 Nov 2010 10:33:19 +0000 Subject: [PATCH] * Put a note in the connection notes that the SSL handshake to the backend failed such that mod_proxy can put the worker in error state. PR: 50332 Submitted by: Daniel Ruggeri Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1039304 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 6 +++++- modules/proxy/mod_proxy_http.c | 6 ++++++ modules/ssl/ssl_engine_io.c | 4 ++++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 7c0dc7ba05..3e6d875abf 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,11 @@ - -*- coding: utf-8 -*- + -*- coding: utf-8 -*- Changes with Apache 2.3.10 + *) mod_proxy: Put the worker in error state if the SSL handshake with the + backend fails. PR 50332. + [Daniel Ruggeri , Ruediger Pluem] + *) mod_cache_disk: Fix Windows build which was broken after renaming the module. [Gregg L. Smith] diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index 5738124748..61d59252ac 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -1468,6 +1468,12 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, return ap_proxyerror(r, HTTP_SERVICE_UNAVAILABLE, "Timeout on 100-Continue"); } } + else if (strcmp(apr_table_get(backend->connection->notes, + "SSL_connect_rv"), "err") == 0) { + return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, + "Error during SSL Handshake with" + " remote server"); + } /* * If we are a reverse proxy request shutdown the connection * WITHOUT ANY response to trigger a retry by the client diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index e64fd3bc56..da64c05953 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c 
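Review bot: In the modules/proxy/mod_proxy_http.c hunk, the new `else if` passes the result of `apr_table_get(backend->connection->notes, "SSL_connect_rv")` straight to `strcmp`, but `apr_table_get` returns NULL when the key is absent. Within this patch the note is written only by mod_ssl's handshake filter, so a plain-HTTP backend connection would presumably reach this branch with no note set. The resulting NULL dereference would crash the child process on what appears to be the backend-read-failure path. Fetch the value first and test it before comparing: `const char *ssl_rv = apr_table_get(backend->connection->notes, "SSL_connect_rv");` followed by `else if (ssl_rv && strcmp(ssl_rv, "err") == 0) {`. ap_proxy_http_process_response starts and ends outside the hunk, so the declaration has to go at the top of an enclosing block that is not visible here.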
@@ -1091,6 +1091,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx) ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server); /* ensure that the SSL structures etc are freed, etc: */ ssl_filter_io_shutdown(filter_ctx, c, 1); + apr_table_set(c->notes, "SSL_connect_rv", "err"); return MODSSL_ERROR_BAD_GATEWAY; } @@ -1108,6 +1109,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx) } /* ensure that the SSL structures etc are freed, etc: */ ssl_filter_io_shutdown(filter_ctx, c, 1); + apr_table_set(c->notes, "SSL_connect_rv", "err"); return HTTP_BAD_GATEWAY; } X509_free(cert); @@ -1127,10 +1129,12 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx) hostname, hostname_note); /* ensure that the SSL structures etc are freed, etc: */ ssl_filter_io_shutdown(filter_ctx, c, 1); + apr_table_set(c->notes, "SSL_connect_rv", "err"); return HTTP_BAD_GATEWAY; } } + apr_table_set(c->notes, "SSL_connect_rv", "ok"); return APR_SUCCESS; } -- 2.40.0
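Review bot: The `"SSL_connect_rv"` key and its `"err"`/`"ok"` values are bare string literals written four times across these three hunks of ssl_io_filter_handshake and matched once more in mod_proxy_http.c, with nothing marking them as a cross-module contract. A typo on either side would silently disable the handshake-failure check, so a comment at the first `apr_table_set` would help, for example `/* read by mod_proxy_http to detect a failed backend handshake; value is "err" or "ok" */`. The hunks show the note being set only on these four exits. Whether other return paths of the function, which lie outside the hunks, leave it unset cannot be seen from here, so the comment should also say that consumers must treat a missing note as "unknown" rather than assume it is always present.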