On Tue, Jul 3, 2018 at 8:58 AM, <[email protected]> wrote:
>
> +++ httpd/httpd/branches/2.4.x/STATUS Tue Jul 3 06:58:55 2018
> @@ -179,7 +179,11 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
> 2.4.x patch: svn merge -c 1645529 ^/httpd/httpd/trunk .
> +1: ylavic, druggeri
> druggeri: Why no +1, jallietc36?
> -
> + rpluem: I think the patch is wrong here and in trunk. This causes
> + ap_pass_brigade to return APR_SUCCESS in ap_proxy_pass_brigade. The
> error
> + bucket inserted by ssl_io_filter_error IMHO makes no sense because it
> + would be sent to the origin server (the proxy backend) and not to our
> + client. Further discussion should possibly happen on dev@.
Agreed, but r1645529 looks right to me, I'd rather fix
ssl_io_filter_error() to return EGENERAL (and no error brigade) in
this case.
Something like this:
Index: modules/ssl/ssl_engine_io.c
===================================================================
--- modules/ssl/ssl_engine_io.c (revision 1834106)
+++ modules/ssl/ssl_engine_io.c (working copy)
@@ -1008,14 +1008,10 @@ static apr_status_t ssl_io_filter_error(bio_filter
break;
case MODSSL_ERROR_BAD_GATEWAY:
- /* Send an error bucket, though the proxy currently has no
- * special handling for error buckets and ignores this. */
- bucket = ap_bucket_error_create(HTTP_BAD_GATEWAY, NULL,
- f->c->pool,
- f->c->bucket_alloc);
ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c, APLOGNO(01997)
"SSL handshake failed: sending 502");
- break;
+ f->c->aborted = 1;
+ return APR_EGENERAL;
default:
return status;
?
