From 94da5dff7c7da86096d2096d2a457c542ac41b3f Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Mon, 12 Jan 2015 13:32:18 +0000 Subject: [PATCH] Merge r1601919, r1650061 from trunk: mod_ssl: dump SSL IO/state for the write side of the connection(s), like reads. mod_ssl: follow up to r1601919. Likewise when set from SNI callback. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651078 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ STATUS | 16 ---------------- modules/ssl/ssl_engine_io.c | 10 ++++++++-- modules/ssl/ssl_engine_kernel.c | 10 ++++++++-- 4 files changed, 19 insertions(+), 20 deletions(-) diff --git a/CHANGES b/CHANGES index e6d7d4f639..0af2637707 100644 --- a/CHANGES +++ b/CHANGES @@ -22,6 +22,9 @@ Changes with Apache 2.4.11 request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener] + *) mod_ssl: dump SSL IO/state for the write side of the connection(s), + like reads (level TRACE4). [Yann Ylavic] + *) mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198. [Jan Kaluza] diff --git a/STATUS b/STATUS index 2e078f7222..f5d0093c60 100644 --- a/STATUS +++ b/STATUS @@ -146,15 +146,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: (modulo CHANGES/MMN) +1: ylavic, jim, covener - * mod_ssl, event: Ensure that the SSL close notify alert is flushed to the client. - PR54998. - trunk patch: http://svn.apache.org/r1601184 - http://svn.apache.org/r1601274 - http://svn.apache.org/r1601185 - 2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-SSL-shutdown.patch - (modulo CHANGES/MMN) - +1: ylavic, rjung, covener - * mod_proxy: Shutdown (eg. SSL close notify) the backend connection before closing. trunk patch: http://svn.apache.org/r1601291 http://svn.apache.org/r1601630 @@ -163,13 +154,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: note: depends on ap_shutdown_conn() from r1601185 above. +1: ylavic, rjung, covener - * mod_ssl: mod_ssl: dump SSL IO/state for the write side of the connection(s), - like reads. - trunk patch: http://svn.apache.org/r1601919 - http://svn.apache.org/r1650061 - 2.4.x patch: trunk works (module CHANGES) - +1: ylavic, rjung, covener - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index fc0f36a74c..9dd181e065 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -1928,8 +1928,14 @@ void ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl) ssl_io_filter_cleanup, apr_pool_cleanup_null); if (APLOG_CS_IS_LEVEL(c, mySrvFromConn(c), APLOG_TRACE4)) { - BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb); - BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl); + BIO *rbio = SSL_get_rbio(ssl), + *wbio = SSL_get_wbio(ssl); + BIO_set_callback(rbio, ssl_io_data_cb); + BIO_set_callback_arg(rbio, (void *)ssl); + if (wbio && wbio != rbio) { + BIO_set_callback(wbio, ssl_io_data_cb); + BIO_set_callback_arg(wbio, (void *)ssl); + } } return; diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index e295560bec..14afbf4a45 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -2049,8 +2049,14 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s) * we need to set that callback here. */ if (APLOGtrace4(s)) { - BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb); - BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl); + BIO *rbio = SSL_get_rbio(ssl), + *wbio = SSL_get_wbio(ssl); + BIO_set_callback(rbio, ssl_io_data_cb); + BIO_set_callback_arg(rbio, (void *)ssl); + if (wbio && wbio != rbio) { + BIO_set_callback(wbio, ssl_io_data_cb); + BIO_set_callback_arg(wbio, (void *)ssl); + } } return 1; -- 2.40.0