From aaa0d67dcc6ecf77c46099456afa6bf0d46b0441 Mon Sep 17 00:00:00 2001
From: Stefan Fritsch <sf@apache.org>
Date: Fri, 20 Apr 2012 11:22:20 +0000
Subject: [PATCH] Remove the link in the speaking-http-on-https error message.

With SNI, the link will usually be wrong. So better send no link at all.

PR: 50823


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1328326 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                         |  3 ++-
 modules/ssl/ssl_engine_kernel.c | 28 ++++------------------------
 2 files changed, 6 insertions(+), 25 deletions(-)

diff --git a/CHANGES b/CHANGES
index 39b30428d8..50904a5805 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,8 @@
 Changes with Apache 2.5.0
 
   *) mod_ssl: Send the error message for speaking http to an https port using
-     HTTP/1.0 instead of HTTP/0.9. PR 50823. [Stefan Fritsch]
+     HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
+     using SNI. PR 50823. [Stefan Fritsch]
 
   *) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
      PR 53048. [Stefan Fritsch]
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 1db1ab124f..e514a74bdf 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -141,30 +141,10 @@ int ssl_hook_ReadReq(request_rec *r)
     }
 
     if (sslconn->non_ssl_request == NON_SSL_SET_ERROR_MSG) {
-        const char *errmsg;
-        char *thisurl;
-        char *thisport = "";
-        int port = ap_get_server_port(r);
-
-        if (!ap_is_default_port(port, r)) {
-            thisport = apr_psprintf(r->pool, ":%u", port);
-        }
-
-        thisurl = ap_escape_html(r->pool,
-                                 apr_psprintf(r->pool, "https://%s%s/",
-                                              ap_get_server_name_for_url(r),
-                                              thisport));
-
-        errmsg = apr_psprintf(r->pool,
-                              "Reason: You're speaking plain HTTP "
-                              "to an SSL-enabled server port.<br />\n"
-                              "Instead use the HTTPS scheme to access "
-                              "this URL, please.<br />\n"
-                              "<blockquote>Hint: "
-                              "<a href=\"%s\"><b>%s</b></a></blockquote>",
-                              thisurl, thisurl);
-
-        apr_table_setn(r->notes, "error-notes", errmsg);
+        apr_table_setn(r->notes, "error-notes",
+                       "Reason: You're speaking plain HTTP to an SSL-enabled "
+                       "server port.<br />\n Instead use the HTTPS scheme to "
+                       "access this URL, please.<br />\n");
 
         /* Now that we have caught this error, forget it. we are done
          * with using SSL on this request.
-- 
2.50.1