Re: Upgrade when !ap_request_has_body(r) only for 2.4.18? (was: svn commit: r1718595 - /httpd/httpd/branches/2.4.x/STATUS)

Tue, 08 Dec 2015 06:10:24 -0800 

On Tue, Dec 8, 2015 at 2:37 PM, Yann Ylavic <[email protected]> wrote:
> On Tue, Dec 8, 2015 at 2:30 PM,  <[email protected]> wrote:
>> Author: ylavic
>> Date: Tue Dec  8 13:30:30 2015
>> New Revision: 1718595
>>
>> URL: http://svn.apache.org/viewvc?rev=1718595&view=rev
>> Log:
>> Comment about ap_request_has_body() check for Upgrade.
>>
>> Modified:
>>     httpd/httpd/branches/2.4.x/STATUS
>>
> []
>>       trunk patch: http://svn.apache.org/r1717816
>>       +1: wrowe, icing
>> +     ylavic: how about adding !ap_request_has_body(r) to the test then?
>
> E.g. (on top of r1717816):

Actually, since there is already an Upgrade handling above, wouldn't a more
correct patch be (trunk):

Index: modules/ssl/ssl_engine_kernel.c
===================================================================
--- modules/ssl/ssl_engine_kernel.c    (revision 1718341)
+++ modules/ssl/ssl_engine_kernel.c    (working copy)
@@ -230,10 +230,13 @@ int ssl_hook_ReadReq(request_rec *r)

     /* Perform TLS upgrade here if "SSLEngine optional" is configured,
      * SSL is not already set up for this connection, and the client
-     * has sent a suitable Upgrade header. */
+     * has sent a suitable Upgrade header. Note this must happen before
+     * map_to_storage and OPTIONS * request processing is completed.
+     */
     if (sc->enabled == SSL_ENABLED_OPTIONAL && !myConnConfig(r->connection)
         && (upgrade = apr_table_get(r->headers_in, "Upgrade")) != NULL
-        && ap_find_token(r->pool, upgrade, "TLS/1.0")) {
+        && ap_find_token(r->pool, upgrade, "TLS/1.0")
+        && !r->main && !ap_has_request_body(r)) {
         if (upgrade_connection(r)) {
             return AP_FILTER_ERROR;
         }
@@ -246,17 +249,6 @@ int ssl_hook_ReadReq(request_rec *r)
         sslconn = myConnConfig(r->connection->master);
     }

-    /* If "SSLEngine optional" is configured, this is not an SSL
-     * connection, and this isn't a subrequest, send an Upgrade
-     * response header.  Note this must happen before map_to_storage
-     * and OPTIONS * request processing is completed.
-     */
-    if (sc->enabled == SSL_ENABLED_OPTIONAL && !(sslconn && sslconn->ssl)
-        && !r->main) {
-        apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
-        apr_table_mergen(r->headers_out, "Connection", "upgrade");
-    }
-
     if (!sslconn) {
         return DECLINED;
     }
?

Reply via email to