On 11/06/2007 04:02 PM, [EMAIL PROTECTED] wrote: > Author: jorton > Date: Tue Nov 6 07:02:32 2007 > New Revision: 592446 > > URL: http://svn.apache.org/viewvc?rev=592446&view=rev > Log: > mod_ssl: Fix forever-broken TLS upgrade support; perform the upgrade > in the post_read_request hook rather than in a filter, and fix the > filter insertion issue: > > * modules/ssl/ssl_engine_kernel.c (upgrade_connection): New function, > mostly moved from ssl_io_filter_Upgrade. > (ssl_hook_ReadReq): Call upgrade_connection to upgrade to TLS if > required. > > * modules/ssl/ssl_engine_io.c (ssl_io_filter_Upgrade): Remove > function. > (ssl_io_input_add_filter, ssl_io_filter_init): Take a request_rec > pointer and pass to ap_add_*_filter to ensure the filter chain > is modified correctly; remove it from the filter afterwards.
Can you explain this in more detail please? I currently don't understand what is going wrong if you call ap_add_input_filter / ap_add_output_filter with NULL instead of r in the case of an upgrade (where r != NULL). Is it because INSERT_BEFORE delivers the wrong value because f->r == NULL for all connection level filters? Currently I see the danger that the connection level filter ssl_io_filter is allocated out of the request pool by add_any_filter_handle (because r != NULL) instead of the connection pool. I think that even in the upgrade case the lifetime of ssl_io_filter is the same as the (remaining) lifetime of the connection and that this lifetime might be longer than that of r->pool. Regards RĂ¼diger
