> -----Original Message-----
> From: Daniel Ruggeri [mailto:[email protected]]
> Sent: Donnerstag, 25. November 2010 06:04
> To: [email protected]
> Subject: Making mod_proxy_http more aware of SSL
>
> All;
> I opened up bug 50332 to attach/document these patches. The patch
> causes mod_ssl to create a note on the conn_req which is checked by
> mod_proxy_http when it attempts to pass the request. The
> intent is for
> mod_proxy_http to realize that an SSL handshake error has
> occurred and
> mark the worker out of service.
I guess the part in mod_proxy_http.c is not the correct way to do it.
Instead of
===================================================================
--- httpd-trunk/modules/proxy/mod_proxy_http.c (revision 1037345)
+++ httpd-trunk/modules/proxy/mod_proxy_http.c (working copy)
@@ -1468,6 +1468,10 @@
return ap_proxyerror(r, HTTP_SERVICE_UNAVAILABLE, "Timeout
on 100-Continue");
}
}
+ else if(strcmp(apr_table_get(backend->connection->notes,
"SSL_connect_rv"), "err") == 0) {
+ backend->worker->s->status |= PROXY_WORKER_IN_ERROR;
+ backend->worker->s->error_time = apr_time_now();
+ }
/*
* If we are a reverse proxy request shutdown the connection
* WITHOUT ANY response to trigger a retry by the client
the following seems better:
+ else if(strcmp(apr_table_get(backend->connection->notes,
"SSL_connect_rv"), "err") == 0) {
+ return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
+ "Error during SSL Handshake with
remote server");
+
Regards
Rüdiger
