Folks, I brought this up on list and don't remember a response.
I'm wondering if we need to do this handshake before using one of mod_proxy's SSL client streams. I believe we do in the case of connecting to ftps:// if we ever support it, due to the fact that we will attempt to read off the welcome first, and that's not possible till we start an empty INIT write at the client to negotiate. It's sat around in this tree too long for me to worry about again; if someone else shares my concern, please catch.

Bill
Index: modules/proxy/mod_proxy_http.c =================================================================== --- modules/proxy/mod_proxy_http.c (revision 587772) +++ modules/proxy/mod_proxy_http.c (working copy) @@ -1848,6 +1848,20 @@ if ((status = ap_proxy_connection_create(proxy_function, backend, c, r->server)) != OK) goto cleanup; + + if (backend->is_ssl) { + apr_bucket_brigade *bb; + bb = apr_brigade_create(c->pool, c->bucket_alloc); + status = ap_get_brigade(c->input_filters, bb, AP_MODE_INIT, + APR_BLOCK_READ, 0); + apr_brigade_destroy(bb); + + if (status != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, + "Failed to initialize the proxy ssl data stream"); + goto cleanup; + } + } } /* Step Four: Send the Request */
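Review bot: In the added if (backend->is_ssl) block, the condition tests the backend, but the AP_MODE_INIT read and the brigade allocation both go through c (c->input_filters, c->pool, c->bucket_alloc), the separate connection argument passed to ap_proxy_connection_create() alongside backend. If c is the client-side connection, this read never touches the backend's SSL filter and can block on the client's input instead, so the handshake should be driven through the filter chain and pool of the connection that ap_proxy_connection_create() set up for backend. Separately, the failure path jumps to cleanup with an apr_status_t in status, while the unchanged line just above compares status against OK; convert the APR error to the handler's return convention before the goto so a raw APR code is not returned as the request status. A short comment stating why the empty INIT read is needed (to force negotiation before the first real read or write) would also help the next reader.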