https://bz.apache.org/bugzilla/show_bug.cgi?id=61519

--- Comment #11 from Eric Covener <[email protected]> ---
(In reply to Reindl Harald from comment #10)

> HTTPS on
> REQUEST_SCHEME http

To recap, when you handshake with an "SSLEngine on" vhost then your request is
handled by an "SSLEngine optional" (which means starttls) vhost, these two
variables disagree and redirects send you to http://.

The former is set by ssl_hook_Fixup and looks for the SSL connection-level
config if the vhost has "SSLEngine optional".

The bits that go into fully-qualifying a redirect do not look to see if SSL is
currently active on the config:


static const char *ssl_hook_http_scheme(const request_rec *r)
{
    SSLSrvConfigRec *sc = mySrvConfig(r->server);

    if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) {
        return NULL;
    }

    return "https";
}

static apr_port_t ssl_hook_default_port(const request_rec *r)
{
    SSLSrvConfigRec *sc = mySrvConfig(r->server);

    if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) {
        return 0;
    }

    return 443;
}


I don't know if those decisions make sense for actual "SSLEngine optional"
which is starttls, not simultaneous SSL and non-SSL.  It looks like you've
misunderstood "SSLEngine optional" and are saving a few lines of copy/paste to
use a broken configuration.  Maybe a different "optional" value is needed to
allow opt-in to this alt behavior for an obscure config.

Maybe someone else feels more confident about the safety and more willing to
put up with reading your unnecessarily dramatic updates.

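Added example (not part of the original comment and not mod_ssl code): a
simplified C model of the two decisions described above, showing which
combination makes HTTPS and the redirect scheme disagree. The enum values come
from the quoted snippet; the struct, the model_* function names and the "http"
fallback (taken from the REQUEST_SCHEME value quoted above) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Enum values as named in the quoted snippet; the rest is hypothetical. */
typedef enum { SSL_ENABLED_FALSE, SSL_ENABLED_TRUE, SSL_ENABLED_OPTIONAL } ssl_enabled_t;

typedef struct {
    ssl_enabled_t vhost_mode; /* SSLEngine setting of the vhost handling the request */
    int conn_has_tls;         /* 1 if a TLS handshake completed on the connection */
} model_request;

/* HTTPS variable: for an SSL-capable vhost, follows the connection state. */
static int model_https_on(const model_request *r)
{
    if (r->vhost_mode == SSL_ENABLED_FALSE)
        return 0;
    return r->conn_has_tls;
}

/* Scheme used to fully qualify a redirect: vhost config only, as in
 * ssl_hook_http_scheme. Assumption: a NULL result there ends up as "http". */
static const char *model_redirect_scheme(const model_request *r)
{
    if (r->vhost_mode == SSL_ENABLED_FALSE || r->vhost_mode == SSL_ENABLED_OPTIONAL)
        return "http";
    return "https";
}

/* 1 when a request that arrived over TLS would be redirected to http://. */
static int model_downgrades(const model_request *r)
{
    return model_https_on(r) && strcmp(model_redirect_scheme(r), "https") != 0;
}

int main(void)
{
    /* Constructed cases: {vhost mode, TLS on connection}. */
    const model_request cases[] = {
        { SSL_ENABLED_TRUE, 1 }, { SSL_ENABLED_OPTIONAL, 1 },
        { SSL_ENABLED_OPTIONAL, 0 }, { SSL_ENABLED_FALSE, 0 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("mode=%d tls=%d HTTPS=%s scheme=%s downgrade=%d\n",
               (int)cases[i].vhost_mode, cases[i].conn_has_tls,
               model_https_on(&cases[i]) ? "on" : "off",
               model_redirect_scheme(&cases[i]), model_downgrades(&cases[i]));
    return 0;
}
```

Only the "optional" vhost reached over an already-encrypted connection reports
a downgrade, which is the HTTPS on / REQUEST_SCHEME http pair quoted above.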