A patch:

Index: modules/ssl/ssl_engine_kernel.c
===================================================================
--- modules/ssl/ssl_engine_kernel.c (revision 1609790)
+++ modules/ssl/ssl_engine_kernel.c (working copy)
@@ -164,7 +164,7 @@
         return DECLINED;
     }
 #ifdef HAVE_TLSEXT
-    if (r->proxyreq != PROXYREQ_PROXY) {
+    if (!r->prev && r->proxyreq != PROXYREQ_PROXY) {
         if ((servername = SSL_get_servername(ssl,
TLSEXT_NAMETYPE_host_name))) {
             char *host, *scope_id;
             apr_port_t port;
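Review bot: The new `!r->prev` test on the `if` line skips the SNI checks for every internal redirect, not only for error-document generation, and it does not match the "subrequest" wording in the message: in `request_rec`, `prev` is set for internal redirects, while a subrequest is identified by `r->main`. If the intent is to avoid re-running the check when an ErrorDocument is served after a failure on the initial request, add a short comment above the condition saying that the first request in the redirect chain has already been checked on this connection, so that the 400/403 paths are not seen as accidentally bypassed. If subrequests are also meant to be exempt, that needs its own `r->main` test.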


This path in the post-read-request hook is performing some SNI-related
error checking, catching situations where it will return 400 or 403.

I noticed with StrictSNIVHostCheck failures that this code is triggering an
error on a subrequest to generate an error document after catching the same
error on the initial request.

Is there a reason either of the checks here needs to be made on a
subrequest?

Thanks!


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/
