On 02/11/2016 02:46 PM, yla...@apache.org wrote:
> Author: ylavic
> Date: Thu Feb 11 13:46:39 2016
> New Revision: 1729826
> 
> URL: http://svn.apache.org/viewvc?rev=1729826&view=rev
> Log:
> mod_proxy: Play/restore the TLS-SNI on new backend connections which
> had to be issued because the remote closed the previous/reusable one
> during idle (keep-alive) time.
> 
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/modules/proxy/proxy_util.c
> 
> Modified: httpd/httpd/trunk/CHANGES
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1729826&r1=1729825&r2=1729826&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Thu Feb 11 13:46:39 2016
> @@ -1,6 +1,10 @@
>                                                           -*- coding: utf-8 
> -*-
>  Changes with Apache 2.5.0
>  
> +  *) mod_proxy: Play/restore the TLS-SNI on new backend connections which
> +     had to be issued because the remote closed the previous/reusable one
> +     during idle (keep-alive) time.  [Yann Ylavic]
> +
>    *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: 
> proxy
>       urls. Uses, so far, one connection per request, reuses connections.
>    
> 
> Modified: httpd/httpd/trunk/modules/proxy/proxy_util.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?rev=1729826&r1=1729825&r2=1729826&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/proxy/proxy_util.c (original)
> +++ httpd/httpd/trunk/modules/proxy/proxy_util.c Thu Feb 11 13:46:39 2016
> @@ -2717,12 +2717,18 @@ PROXY_DECLARE(int) ap_proxy_connect_back
>  
>      if (conn->sock) {
>          if (!(connected = ap_proxy_is_socket_connected(conn->sock))) {
> -            /* FIXME: this loses conn->ssl_hostname and it will not be
> -             * restablished before the SSL connection is made -> no SNI! */
> +            /* This clears conn->scpool (and associated data), so backup and
> +             * restore any ssl_hostname for this connection set earlier by
> +             * ap_proxy_determine_connection().
> +             */
> +            const char *ssl_hostname = conn->ssl_hostname;

conn->ssl_hostname might be allocated from conn->scpool.
So the pointer might be invalid after socket_cleanup(conn). So you need to 
apr_pstrdup it first.
No real good idea which pool to use here. Probably create a temp subpool of 
conn->pool,
strdup, after socket_cleanup dup with conn->scpool and destroy tmp pool.

> +
>              socket_cleanup(conn);
>              ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00951)
>                           "%s: backend socket is disconnected.",
>                           proxy_function);
> +
> +            conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname);
>          }
>      }
>      while ((backend_addr || conn->uds_path) && !connected) {
> 
> 
> 
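Review bot: the backup at `const char *ssl_hostname = conn->ssl_hostname;` saves only the pointer, not the string, while the comment directly above it states that socket_cleanup() clears conn->scpool and its associated data. If the hostname was allocated from that pool, the later `apr_pstrdup(conn->scpool, ssl_hostname)` reads memory that has already been released, so the restored SNI value can be garbage. Suggest duplicating the string into a pool that socket_cleanup() does not clear before calling it, then copying it into the fresh conn->scpool afterwards. The comment should also say which pool owns ssl_hostname at this point, so the lifetime assumption is visible to the next reader.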

Regards

Rüdiger
