https://bz.apache.org/bugzilla/show_bug.cgi?id=58688

            Bug ID: 58688
           Summary: Missing mod_ssl connection-level upgrade headers for
                    OPTIONS * requests
           Product: Apache httpd-2
           Version: 2.4.17
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
          Assignee: [email protected]
          Reporter: [email protected]

Bug in the behavior of httpd prior to 2.4.18 

OPTIONS * HTTP/1.1
Host: example.com

HTTP/1.1 200 OK
Date: Thu, 03 Dec 2015 15:26:16 GMT
Server: Apache/2.4.18-dev (Unix) OpenSSL/1.0.2e-dev mod_bmx/0.9.7-dev mod_ftp/1.0.1-dev
Content-Length: 0

OPTIONS / HTTP/1.1
Host: example.com

HTTP/1.1 200 OK
Date: Thu, 03 Dec 2015 15:26:51 GMT
Server: Apache/2.4.18-dev (Unix) OpenSSL/1.0.2e-dev mod_bmx/0.9.7-dev mod_ftp/1.0.1-dev
Upgrade: TLS/1.0, HTTP/1.1
Connection: upgrade
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 0
Content-Type: text/html

The missing Allow header is by design (according to comments in http_core.c);
the missing Content-Type header is correct (no content delivered).

The missing Upgrade/Connection headers are incorrect. This is due to mod_ssl
adding the upgrade headers in the fixups; however, fixups are not run for any
TRACE or OPTIONS * requests, as they are bypassed in ap_process_request once
it determines that the core map_to_storage hook indicated that neither request
would reside in storage.

Moving this to post ReadReq hook in ssl_engine_kernel.c seems to fix this
quirk, patch incoming.  An alternative place for such a non-storage fixup
would be a run-first map_to_storage hook (this seems far less intuitive).

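A regression check for the behaviour reported above, as an added example that is not part of the original bug report or of the httpd code base: it parses two raw responses and lists the connection-level headers (Connection plus every header it names) that the OPTIONS / response carries and the OPTIONS * response lacks. The sample responses are constructed from the exchange quoted in the report, and all function names are hypothetical.

```python
"""Added example: diff connection-level headers of two raw HTTP responses."""

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw HTTP response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:              # skip the status line
        if line[:1] in (" ", "\t") and headers:    # obs-fold continuation line
            headers[next(reversed(headers))][-1] += " " + line.strip()
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def tokens(headers, name):
    """Comma-separated list header as a set of lowercased tokens."""
    return {t.strip().lower() for v in headers.get(name, [])
            for t in v.split(",") if t.strip()}

def connection_level(headers):
    """Connection plus every header it names, each as a token set."""
    names = {"connection"} | tokens(headers, "connection")
    return {n: tokens(headers, n) for n in names if n in headers}

def missing_connection_headers(star_raw, path_raw):
    """Headers that OPTIONS / carries at connection level but OPTIONS * lacks."""
    want = connection_level(parse_headers(path_raw))
    got = connection_level(parse_headers(star_raw))
    return sorted(n for n in want if got.get(n) != want[n])

# Constructed samples, trimmed from the two responses quoted in the report.
OPTIONS_STAR = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
OPTIONS_ROOT = ("HTTP/1.1 200 OK\r\n"
                "Upgrade: TLS/1.0, HTTP/1.1\r\n"
                "Connection: upgrade\r\n"
                "Allow: GET,HEAD,POST,OPTIONS,TRACE\r\n"
                "Content-Length: 0\r\n"
                "Content-Type: text/html\r\n\r\n")
# Constructed: what OPTIONS * would return once the headers are added early.
OPTIONS_STAR_FIXED = ("HTTP/1.1 200 OK\r\n"
                      "Upgrade: TLS/1.0, HTTP/1.1\r\n"
                      "Connection: upgrade\r\n"
                      "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    print(missing_connection_headers(OPTIONS_STAR, OPTIONS_ROOT))
    print(missing_connection_headers(OPTIONS_STAR_FIXED, OPTIONS_ROOT))
```

Allow and Content-Type are deliberately ignored because only headers named by Connection are compared, which matches the report's view that their absence from the OPTIONS * response is expected.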