> On 11.02.2016 at 15:10, Ruediger Pluem <rpl...@apache.org> wrote: > > > > On 02/11/2016 02:46 PM, yla...@apache.org wrote: >> Author: ylavic >> Date: Thu Feb 11 13:46:39 2016 >> New Revision: 1729826 >> >> URL: http://svn.apache.org/viewvc?rev=1729826&view=rev >> Log: >> mod_proxy: Play/restore the TLS-SNI on new backend connections which >> had to be issued because the remote closed the previous/reusable one >> during idle (keep-alive) time. >> >> Modified: >> httpd/httpd/trunk/CHANGES >> httpd/httpd/trunk/modules/proxy/proxy_util.c >> >> Modified: httpd/httpd/trunk/CHANGES >> URL: >> http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1729826&r1=1729825&r2=1729826&view=diff >> ============================================================================== >> --- httpd/httpd/trunk/CHANGES [utf-8] (original) >> +++ httpd/httpd/trunk/CHANGES [utf-8] Thu Feb 11 13:46:39 2016 >> @@ -1,6 +1,10 @@ >> -*- coding: utf-8 >> -*- >> Changes with Apache 2.5.0 >> >> + *) mod_proxy: Play/restore the TLS-SNI on new backend connections which >> + had to be issued because the remote closed the previous/reusable one >> + during idle (keep-alive) time. [Yann Ylavic] >> + >> *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: >> proxy >> urls. Uses, so far, one connection per request, reuses connections. >> >> >> Modified: httpd/httpd/trunk/modules/proxy/proxy_util.c >> URL: >> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?rev=1729826&r1=1729825&r2=1729826&view=diff >> ============================================================================== >> --- httpd/httpd/trunk/modules/proxy/proxy_util.c (original) >> +++ httpd/httpd/trunk/modules/proxy/proxy_util.c Thu Feb 11 13:46:39 2016 
>> @@ -2717,12 +2717,18 @@ PROXY_DECLARE(int) ap_proxy_connect_back >> >> if (conn->sock) { >> if (!(connected = ap_proxy_is_socket_connected(conn->sock))) { >> - /* FIXME: this loses conn->ssl_hostname and it will not be >> - * restablished before the SSL connection is made -> no SNI! */ >> + /* This clears conn->scpool (and associated data), so backup and >> + * restore any ssl_hostname for this connection set earlier by >> + * ap_proxy_determine_connection(). >> + */ >> + const char *ssl_hostname = conn->ssl_hostname; > > conn->ssl_hostname might be allocated from conn->scpool. > So the pointer might be invalid after socket_cleanup(conn). So you need to > apr_pstrdup it first. > No real good idea which pool to use here. Probably create a temp subpool of > conn->pool, > strdup, after socket_cleanup dup with conn->scpool and destroy tmp pool.
I only dup'ed it once into a stack pointer. So, I used the r->pool for that. > >> + >> socket_cleanup(conn); >> ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00951) >> "%s: backend socket is disconnected.", >> proxy_function); >> + >> + conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname); >> } >> } >> while ((backend_addr || conn->uds_path) && !connected) { >> >> >> > > Regards > > Rüdiger
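
Review bot: In the proxy_util.c hunk, `const char *ssl_hostname = conn->ssl_hostname;` saves only the pointer, while the hunk's own comment states that socket_cleanup() clears conn->scpool, so if the hostname lives in conn->scpool the later `apr_pstrdup(conn->scpool, ssl_hostname)` reads from memory that has already been released. Duplicate the string into a pool that outlives the cleanup before calling socket_cleanup(conn), then copy it into conn->scpool afterwards; the thread suggests a temporary subpool of conn->pool for this. A short comment naming the pool that owns conn->ssl_hostname would also make the lifetime assumption explicit for the next reader.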