Author: icing
Date: Mon Aug 1 12:56:11 2022
New Revision: 1903167
URL: http://svn.apache.org/viewvc?rev=1903167&view=rev
Log:
*) mod_ssl: when a proxy connection had handled a request using SSL, an
error was logged when "SSLProxyEngine" was only configured in the
location/proxy section and not the overall server. The connection
continued to work, the error log was in error. Fixed PR66190.
Added:
httpd/httpd/trunk/changes-entries/ssl_proxy_bind.txt
Modified:
httpd/httpd/trunk/modules/ssl/mod_ssl.c
httpd/httpd/trunk/test/modules/proxy/env.py
httpd/httpd/trunk/test/modules/proxy/test_01_http.py
Added: httpd/httpd/trunk/changes-entries/ssl_proxy_bind.txt
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/changes-entries/ssl_proxy_bind.txt?rev=1903167&view=auto
==============================================================================
--- httpd/httpd/trunk/changes-entries/ssl_proxy_bind.txt (added)
+++ httpd/httpd/trunk/changes-entries/ssl_proxy_bind.txt Mon Aug 1 12:56:11 2022
@@ -0,0 +1,5 @@
+ *) mod_ssl: when a proxy connection had handled a request using SSL, an
+ error was logged when "SSLProxyEngine" was only configured in the
+ location/proxy section and not the overall server. The connection
+ continued to work, the error log was in error. Fixed PR66190.
+ [Stefan Eissing]
Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=1903167&r1=1903166&r2=1903167&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Mon Aug 1 12:56:11 2022
@@ -556,6 +556,13 @@ static int ssl_hook_ssl_bind_outgoing(co
int status;
sslconn = ssl_init_connection_ctx(c, per_dir_config, 1);
+ if (sslconn->ssl) {
+ /* we are already bound to this connection. We have rebound
+ * or removed the reference to a previous per_dir_config,
+ * there is nothing more to do. */
+ return OK;
+ }
+
status = ssl_engine_status(c, sslconn);
if (enable_ssl) {
if (status != OK) {
Modified: httpd/httpd/trunk/test/modules/proxy/env.py
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/test/modules/proxy/env.py?rev=1903167&r1=1903166&r2=1903167&view=diff
==============================================================================
--- httpd/httpd/trunk/test/modules/proxy/env.py (original)
+++ httpd/httpd/trunk/test/modules/proxy/env.py Mon Aug 1 12:56:11 2022
@@ -17,7 +17,7 @@ class ProxyTestSetup(HttpdTestSetup):
def __init__(self, env: 'HttpdTestEnv'):
super().__init__(env=env)
self.add_source_dir(os.path.dirname(inspect.getfile(ProxyTestSetup)))
- self.add_modules(["proxy", "proxy_http"])
+ self.add_modules(["proxy", "proxy_http", "proxy_balancer", "lbmethod_byrequests"])
class ProxyTestEnv(HttpdTestEnv):
@@ -30,7 +30,7 @@ class ProxyTestEnv(HttpdTestEnv):
self._d_forward = f"forward.{self.http_tld}"
self._d_mixed = f"mixed.{self.http_tld}"
- self.add_httpd_log_modules(["proxy", "proxy_http"])
+ self.add_httpd_log_modules(["proxy", "proxy_http", "proxy_balancer", "lbmethod_byrequests", "ssl"])
self.add_cert_specs([.
CertificateSpec(domains=[.
self._d_forward, self._d_reverse, self._d_mixed
@@ -38,6 +38,9 @@ class ProxyTestEnv(HttpdTestEnv):
CertificateSpec(domains=[f"noh2.{self.http_tld}"], key_type='rsa2048'),
])
+ def setup_httpd(self, setup: HttpdTestSetup = None):
+ super().setup_httpd(setup=ProxyTestSetup(env=self))
+
@property
def d_forward(self):
return self._d_forward
Modified: httpd/httpd/trunk/test/modules/proxy/test_01_http.py
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/test/modules/proxy/test_01_http.py?rev=1903167&r1=1903166&r2=1903167&view=diff
==============================================================================
--- httpd/httpd/trunk/test/modules/proxy/test_01_http.py (original)
+++ httpd/httpd/trunk/test/modules/proxy/test_01_http.py Mon Aug 1 12:56:11 2022
@@ -1,4 +1,6 @@
import os
+import time
+
import pytest
from pyhttpd.conf import HttpdConf
@@ -69,3 +71,24 @@ class TestProxyHttp:
assert r.response["status"] == 200
assert r.json['host'] == seen
+ def test_proxy_01_003(self, env):
+ domain = f"test1.{env.http_tld}"
+ conf = HttpdConf(env)
+ conf.add([.
+ "ProxyPreserveHost on",
+ "<Proxy balancer://backends>",
+ f" BalancerMember https://localhost:{env.https_port}",
+ " SSLProxyEngine on",
+ "</Proxy>",
+ ])
+ conf.start_vhost(domains=[domain], port=env.https_port, doc_root="htdocs/test1")
+ conf.add([
+ "ProxyPass /proxy balancer://backends",
+ "ProxyPassReverse /proxy balancer://backends",
+ ])
+ conf.end_vhost()
+ conf.install()
+ assert env.apache_restart() == 0
+ r = env.curl_get(f"https://{domain}:{env.https_port}/proxy/alive.json", 5)
+ assert r.response["status"] == 200
+ assert r.json['host'] == "test1"
Date: Mon Aug 1 12:56:11 2022
New Revision: 1903167
URL: http://svn.apache.org/viewvc?rev=1903167&view=rev
Log:
*) mod_ssl: when a proxy connection had handled a request using SSL, an
error was logged when "SSLProxyEngine" was only configured in the
location/proxy section and not the overall server. The connection
continued to work, the error log was in error. Fixed PR66190.
Added:
httpd/httpd/trunk/changes-entries/ssl_proxy_bind.txt
Modified:
httpd/httpd/trunk/modules/ssl/mod_ssl.c
httpd/httpd/trunk/test/modules/proxy/env.py
httpd/httpd/trunk/test/modules/proxy/test_01_http.py
Added: httpd/httpd/trunk/changes-entries/ssl_proxy_bind.txt
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/changes-entries/ssl_proxy_bind.txt?rev=1903167&view=auto
==============================================================================
--- httpd/httpd/trunk/changes-entries/ssl_proxy_bind.txt (added)
+++ httpd/httpd/trunk/changes-entries/ssl_proxy_bind.txt Mon Aug 1 12:56:11 2022
@@ -0,0 +1,5 @@
+ *) mod_ssl: when a proxy connection had handled a request using SSL, an
+ error was logged when "SSLProxyEngine" was only configured in the
+ location/proxy section and not the overall server. The connection
+ continued to work, the error log was in error. Fixed PR66190.
+ [Stefan Eissing]
Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=1903167&r1=1903166&r2=1903167&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Mon Aug 1 12:56:11 2022
@@ -556,6 +556,13 @@ static int ssl_hook_ssl_bind_outgoing(co
int status;
sslconn = ssl_init_connection_ctx(c, per_dir_config, 1);
+ if (sslconn->ssl) {
+ /* we are already bound to this connection. We have rebound
+ * or removed the reference to a previous per_dir_config,
+ * there is nothing more to do. */
+ return OK;
+ }
+
status = ssl_engine_status(c, sslconn);
if (enable_ssl) {
if (status != OK) {
Modified: httpd/httpd/trunk/test/modules/proxy/env.py
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/test/modules/proxy/env.py?rev=1903167&r1=1903166&r2=1903167&view=diff
==============================================================================
--- httpd/httpd/trunk/test/modules/proxy/env.py (original)
+++ httpd/httpd/trunk/test/modules/proxy/env.py Mon Aug 1 12:56:11 2022
@@ -17,7 +17,7 @@ class ProxyTestSetup(HttpdTestSetup):
def __init__(self, env: 'HttpdTestEnv'):
super().__init__(env=env)
self.add_source_dir(os.path.dirname(inspect.getfile(ProxyTestSetup)))
- self.add_modules(["proxy", "proxy_http"])
+ self.add_modules(["proxy", "proxy_http", "proxy_balancer", "lbmethod_byrequests"])
class ProxyTestEnv(HttpdTestEnv):
@@ -30,7 +30,7 @@ class ProxyTestEnv(HttpdTestEnv):
self._d_forward = f"forward.{self.http_tld}"
self._d_mixed = f"mixed.{self.http_tld}"
- self.add_httpd_log_modules(["proxy", "proxy_http"])
+ self.add_httpd_log_modules(["proxy", "proxy_http", "proxy_balancer", "lbmethod_byrequests", "ssl"])
self.add_cert_specs([.
CertificateSpec(domains=[.
self._d_forward, self._d_reverse, self._d_mixed
@@ -38,6 +38,9 @@ class ProxyTestEnv(HttpdTestEnv):
CertificateSpec(domains=[f"noh2.{self.http_tld}"], key_type='rsa2048'),
])
+ def setup_httpd(self, setup: HttpdTestSetup = None):
+ super().setup_httpd(setup=ProxyTestSetup(env=self))
+
@property
def d_forward(self):
return self._d_forward
Modified: httpd/httpd/trunk/test/modules/proxy/test_01_http.py
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/test/modules/proxy/test_01_http.py?rev=1903167&r1=1903166&r2=1903167&view=diff
==============================================================================
--- httpd/httpd/trunk/test/modules/proxy/test_01_http.py (original)
+++ httpd/httpd/trunk/test/modules/proxy/test_01_http.py Mon Aug 1 12:56:11 2022
@@ -1,4 +1,6 @@
import os
+import time
+
import pytest
from pyhttpd.conf import HttpdConf
@@ -69,3 +71,24 @@ class TestProxyHttp:
assert r.response["status"] == 200
assert r.json['host'] == seen
+ def test_proxy_01_003(self, env):
+ domain = f"test1.{env.http_tld}"
+ conf = HttpdConf(env)
+ conf.add([.
+ "ProxyPreserveHost on",
+ "<Proxy balancer://backends>",
+ f" BalancerMember https://localhost:{env.https_port}",
+ " SSLProxyEngine on",
+ "</Proxy>",
+ ])
+ conf.start_vhost(domains=[domain], port=env.https_port, doc_root="htdocs/test1")
+ conf.add([
+ "ProxyPass /proxy balancer://backends",
+ "ProxyPassReverse /proxy balancer://backends",
+ ])
+ conf.end_vhost()
+ conf.install()
+ assert env.apache_restart() == 0
+ r = env.curl_get(f"https://{domain}:{env.https_port}/proxy/alive.json", 5)
+ assert r.response["status"] == 200
+ assert r.json['host'] == "test1"