It may be a bit of a hack, but it seems reasonable to me. The best part is that it works.
+1

Brad

>>> [EMAIL PROTECTED] Wednesday, December 08, 2004 2:33:48 AM >>>
On Tue, Dec 07, 2004 at 05:14:40PM -0700, Brad Nicholes wrote:
> OK, now that you have enabled upgrades for anything other than
> OPTIONS, I see the problem. Even though there is a content-length
> included in the header, you are saying that the header is being sent
> encrypted but the content is not, correct? And the reason for this is
> because there is more than one filter stack that needs to be modified?

Yes. I think this fixes it, it's a bit of a hack though:

Index: modules/ssl/ssl_engine_io.c =================================================================== --- modules/ssl/ssl_engine_io.c (revision 111159) +++ modules/ssl/ssl_engine_io.c (working copy) @@ -1184,22 +1184,26 @@ apr_bucket *b; SSL *ssl; - /* Just remove the filter, if it doesn't work the first time, it won't - * work at all for this request. - */ - ap_remove_output_filter(f); + /* f->ctx is non-NULL after the first call to this filter: it's + * necessary to pass through directly to the connection output_filters + * for the remainder of this request, since the SSL output filter has + * not been added to r->output_filters for this request. */ + if (f->ctx) { + return ap_pass_brigade(f->c->output_filters, bb); + } - /* No need to ensure that this is a server with optional SSL, the filter - * is only inserted if that is true. - */ - + /* No need to ensure that this is a server with optional SSL, the + * filter is only inserted if that is true. */ upgrade = apr_table_get(r->headers_in, "Upgrade"); if (upgrade == NULL || strcmp(ap_getword(r->pool, &upgrade, ','), "TLS/1.0")) { /* "Upgrade: TLS/1.0, ..." header not found, don't do Upgrade */ + ap_remove_output_filter(f); return ap_pass_brigade(f->next, bb); } + f->ctx = f; /* flag as non-NULL for subsequent passes */ + apr_table_unset(r->headers_out, "Upgrade"); /* Send the interim 101 response. */ 
@@ -1245,7 +1249,6 @@ pass the brigade off to the connection based output filters so that the request can complete encrypted */ return ap_pass_brigade(f->c->output_filters, bb); - } static apr_status_t ssl_io_filter_input(ap_filter_t *f,
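Review bot: the `f->ctx = f` assignment in the first hunk (`@@ -1184,22 +1184,26 @@`) happens before the interim 101 response is sent, so from that point every later brigade for this request takes the new `if (f->ctx)` branch and goes straight to `f->c->output_filters`, skipping `f->next`, regardless of how the rest of the upgrade goes. If any path after this point can fail and still return to this filter, the flag should be set only once the switch to the connection filters is known to have worked; otherwise the comment should say that no such path exists. Using `f` as its own `ctx` purely as a boolean is also opaque, and a note at the `if (f->ctx)` check saying the value is never dereferenced would help the next reader.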
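Review bot: the single removed line in the second hunk (`@@ -1245,7 +1249,6 @@`), between the final `return ap_pass_brigade(f->c->output_filters, bb);` and the function's closing brace, looks like whitespace cleanup unrelated to the fix. Leave it out or commit it separately so the behavioural change in the output filter stays easy to review.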