On 11/21/19 4:51 PM, [email protected] wrote:
> Author: jorton
> Date: Thu Nov 21 15:51:32 2019
> New Revision: 1870095
>
> URL: http://svn.apache.org/viewvc?rev=1870095&view=rev
> Log:
> Buffer HTTP request bodies for TLSv1.3 PHA in the same way as for
> TLSv<1.3 renegotiation.
>
> * modules/ssl/ssl_engine_kernel.c (fill_reneg_buffer): Factor
> out...
> (ssl_hook_Access_classic): ... from here.
> (ssl_hook_Access_modern): Use it here too.
>
> Github: closes #75
>
> Modified:
> httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
>
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1870095&r1=1870094&r2=1870095&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Thu Nov 21 15:51:32 2019
> @@ -1132,6 +1144,17 @@ static int ssl_hook_Access_modern(reques
> }
> }
>
> + /* Fill reneg buffer if required. */
> + if (change_vmode) {
Why can't we put this block below the
if (change_vmode)
a few lines below?
> + rc = fill_reneg_buffer(r, dc);
> + if (rc) {
> + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
> + "could not buffer message body to allow "
> + "TLS Post-Handshake Authentication to
> proceed");
> + return rc;
> + }
> + }
> +
> if (change_vmode) {
> char peekbuf[1];
Regards
RĂ¼diger
