From 96cc34efbe3ec79652de37e640f24fb9eb2c44f7 Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Fri, 4 May 2012 14:02:58 +0000 Subject: [PATCH] * Use the the same hostname for SNI as for the HTTP request when forwarding to SSL backends. PR: 53134 Based on a patch from: Michael Weiser Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1333969 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ modules/proxy/mod_proxy_http.c | 18 +++++++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 7ca62ea346..ea45df391f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when + forwarding to SSL backends. PR 53134. + [Michael Weiser , Ruediger Pluem] + *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210. [Matthew Steele ] diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index 97b8edd3d8..b219854400 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -2237,8 +2237,24 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker, * so. */ if (is_ssl) { + proxy_dir_conf *dconf; + const char *ssl_hostname; + + /* + * In the case of ProxyPreserveHost on use the hostname of + * the request if present otherwise use the one from the + * backend request URI. + */ + dconf = ap_get_module_config(r->per_dir_config, &proxy_module); + if ((dconf->preserve_host != 0) && (r->hostname != NULL)) { + ssl_hostname = r->hostname; + } + else { + ssl_hostname = uri->hostname; + } + apr_table_set(backend->connection->notes, "proxy-request-hostname", - uri->hostname); + ssl_hostname); } } -- 2.50.0